kevin_flynn_180
Aug 10, 2016Nimbostratus
securing ssh with apm
Hey guys, Interesting idea I was presented with the other day. As an organization, we have pushed hard for MFA. We try to use it for new external apps, sites, etc.
However, I just came up against a new one. A customer has a requirement to SSH to a server from the Internet, no problem I can proxy that. But how can we MFA that? Yes, DUO has a plugin that can handle it BUT someone will have access to that server directly.
I want to try and control access with APM and my initial thought was some type of network access webtop. Only 'issue' is, you guessed it, port 22. Can I / is it possible, that if someone tries to SSH in on 22, a 'popup' or dialog is created via APM prompting them for credentials and their DUO token?