Authentication

Configure the minimum password length on Linux systems

One of the options to improve password security is setting a minimum password length. This article explains how to configure and test this security step.

Summary of Configure the minimum password length on Linux systems

Linux and password strength

One of the options to improve password security is setting a minimum length. This prevents users from choosing easy passwords. As part of Linux system hardening, you don’t want your passwords to be cracked too quickly by modern password crackers.

Configuration

Let’s have a look at how to configure password security, in particular password length and strength.

Login settings

The first area where you can set a password length is in /etc/login.

Read the full article…

Distributing SSH keys: using ssh-copy-id, manually or automated

Learn how to copy your SSH keys to another system more easily, using methods such as doing it manually or a tool like ssh-copy-id.

Summary of Distributing SSH keys: using ssh-copy-id, manually or automated

When you want to allow public key authentication, you first have to create an SSH key pair. The next step is distributing the public key to the other systems. Let’s have a look at a few options, including using the ssh-copy-id utility.

Option 1: Manually

In the past, you had to log in manually to the new system and do things yourself. Especially if you created your key with a tool like PuTTYgen on Windows.

Read the full article…

File Integrity of Password Files

Proper password management, together with file integrity of your password files, is important for security of your system and users.

Summary of File Integrity of Password Files

Password files on Linux are used to store user details, like your unique user ID and name. They define who you are on the system, your access to files, and the permissions you have. Proper password management, together with file integrity of your password files, is important. It keeps your system and user accounts safe.

Password Files

For most Linux distributions there are two related files available: /etc/passwd and /etc/shadow. The first file defines what local users are available on the system.

Read the full article…

Granting temporary access to your servers (using signed SSH keys)

SSH has the capabilities to give a colleague or vendor temporary access to your systems. Learn how to install and configure the related SSH settings.

Summary of Granting temporary access to your servers (using signed SSH keys)

In need of support from a colleague or vendor, but don’t want to give them permanent access? SSH has an option to allow temporary access! Next time you need to provide temporary access for an hour or day, use this great option.

Configuration

We have two machines for this purpose. One is a system running Arch Linux, the client system. The other one is a server, running Ubuntu Linux. For temporary support, we have created a functional account support on the Ubuntu server.

Read the full article…

How to test if an account has a password set?

Want to determine if a Linux account has a password set or its related properties? Here are a few methods to check this and the steps to perform.

Summary of How to test if an account has a password set?

Sometimes you might want to check if an account on the system has a password set. One of the reasons is to disable those, so you can enforce that only SSH authentication can be used, for example. There are a few ways to see if a password is set.

Using the passwd command

The first command that comes to mind is the passwd command. Normally you would use that to change your password, but it can also reveal useful details about existing accounts.

Read the full article…

Locking users after X failed login attempts with pam_tally2

The pam_tally2 module allows system administrators to block accounts after a number of incorrect login attempts. This guide explains how to use it with SSH.

Summary of Locking users after X failed login attempts with pam_tally2

Using pam_tally2 on Linux

Most Linux distributions use pluggable authentication modules (PAM). This modular type of configuration allows system administrators to configure and fine-tune the authentication of users. It also defines the behavior on specific events, like providing an invalid user account or password. PAM can use these events to automatically take an action, like locking an account.

Introduction to PAM

The configuration of PAM is not that hard, but there are risks involved in the process of making changes.

Read the full article…

The real purpose of login banners (on Linux)

We are used to seeing login banners everywhere. What is the point of them, and why would they be useful? The answer is more surprising than you expected.

Summary of The real purpose of login banners (on Linux)

Login banners on Linux

The first thing you might see when connecting to a Linux machine is a login banner. Some systems use the default, others have put some serious work into it. Think of great forms of ASCII art, or a lot of impressive text. You might be surprised to learn the real reasons for having a banner in the first place. In this article we will discuss the purpose, and determine how we can improve the quality of our login banners.

Read the full article…