30 years after its introduction, Secure Shell (SSH) remains the ubiquitous gateway for administration, making it a primary target for brute force attacks and lateral movement within enterprise environments. For system administrators and security architects operating under the weight of regulatory frameworks like SOC2, HIPAA, and PCI-DSS,  […]

The Ubuntu Blog provides updates, tutorials, and insights on the Ubuntu operating system and related projects. Covering topics such as Linux desktops, server administration, and cloud computing, the blog offers resources for developers and sysadmins working with Ubuntu. Developers can learn how to set up, configure, and optimize Ubuntu systems for development, deployment, and production environments by following the Ubuntu Blog.

Ubuntu

SSH remains a top attack vector 30 years after its introduction. This post covers hardening strategies for Ubuntu environments, including replacing static keys with centralized identity management via SSSD for Active Directory and authd for cloud IdPs like Microsoft Entra ID and Google Cloud IAM. authd uses OAuth 2.0 Device Authorization Grant to enable MFA on headless servers. For compliance with SOC2, HIPAA, PCI-DSS, and DISA-STIG, Ubuntu Pro automates security benchmark enforcement. ADsys extends Group Policy Objects to Ubuntu clients for fleet-wide policy enforcement. A practical checklist covers disabling root login, eliminating password auth, enforcing MFA, restricting network access, configuring Fail2Ban, and changing default ports.

How to Harden Ubuntu SSH: From static keys to cloud identity

How can you use IdPs to authenticate SSH sessions?

Meeting your compliance and cryptographic requirements

Read more in our identity management whitepaper