SSH remains a top attack vector 30 years after its introduction. This post covers hardening strategies for Ubuntu environments, including replacing static keys with centralized identity management via SSSD for Active Directory and authd for cloud IdPs like Microsoft Entra ID and Google Cloud IAM. authd uses the OAuth 2.0 Device Authorization Grant to enable MFA on headless servers. For compliance with SOC2, HIPAA, PCI-DSS, and DISA-STIG, Ubuntu Pro automates security benchmark enforcement. ADsys extends Group Policy Objects to Ubuntu clients for fleet-wide policy enforcement. A practical checklist covers disabling root login, eliminating password auth, enforcing MFA, restricting network access, configuring Fail2Ban, and changing default ports.

From ubuntu.com
Table of contents
Linking identity systems to SSH
How can you use IdPs to authenticate SSH sessions?
Meeting your compliance and cryptographic requirements
Can you enforce policies at scale?
Security checklist: hardening SSH
Read more in our identity management whitepaper
