Linux Security: Locking Down Admin Access with SSH and Sudo
with Randy Franklin Smith, CEO, Monterey Technology Group, Inc. CISA, SSCP, Security MVP; Patrick Schneider, Sr. Solutions Architect
This webinar was hosted by Ultimate IT Security
The two native Linux tools for securing privileged access are SSH and sudo. SSH is how you get into the system securely, in terms of both authentication and network security, and sudo is what enforces least privilege once you are in. In this real training for free session, we will dive into the details of secure admin access to Linux as a whole, with these two tools as the essential building blocks.
SSH
Secure Shell (SSH) is a network protocol that provides login, remote command-line execution and file transfer. SSH replaced Telnet for this purpose a long time ago. On your local endpoint you run an SSH client such as PuTTY, which connects over port 22 to the Linux system you want to administer, specifically to sshd, the Secure Shell daemon that is the server-side component of SSH. We will focus on sshd and its security configuration options, such as:
Port
Permitting root login
Authentication: password, SSH keys and beyond
Port forwarding
AllowGroups / DenyGroups
Logging
For basic authentication, SSH supports passwords or self-generated SSH keys, but this is just the beginning. Authentication is a big part of SSH security, with many different options depending on your environment and your level of integration with things like your PKI and Active Directory.
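A small audit of the sshd options listed above, as an added example that is not part of the webinar material. The function names, the `ssh-admins` group and the sample configuration are assumptions constructed for illustration; the defaults are the upstream OpenSSH ones.

```python
import re

# Upstream OpenSSH defaults per sshd_config(5); a distribution may ship others.
DEFAULTS = {"permitrootlogin": "prohibit-password", "passwordauthentication": "yes",
            "allowtcpforwarding": "yes", "allowgroups": "", "loglevel": "INFO"}

def effective(config_text):
    """Global settings sshd applies: the first value of a keyword wins."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)  # "Key value" or "Key=value"
        key = parts[0].lower()                              # keywords are case-insensitive
        if key == "match":   # everything after the first Match is conditional
            break
        seen.setdefault(key, parts[1] if len(parts) > 1 else "")
    return {**DEFAULTS, **seen}

def audit(config_text):
    """Return findings for the listed options that leave admin access loose."""
    cfg, findings = effective(config_text), []
    if cfg["permitrootlogin"].lower() == "yes":
        findings.append("PermitRootLogin yes: direct root login is allowed")
    if cfg["passwordauthentication"].lower() == "yes":
        findings.append("PasswordAuthentication yes: key-only login is not enforced")
    if cfg["allowtcpforwarding"].lower() != "no":
        findings.append("AllowTcpForwarding is not 'no': port forwarding is available")
    if not cfg["allowgroups"]:
        findings.append("AllowGroups unset: logins are not limited to an admin group")
    if cfg["loglevel"].upper() in ("QUIET", "FATAL", "ERROR"):
        findings.append("LogLevel below INFO: accepted logins are not logged")
    return findings

# Constructed sample: a duplicated keyword and a setting placed inside a Match block.
SAMPLE = """\
Port 22
PermitRootLogin no
PermitRootLogin yes
PasswordAuthentication=yes
AllowGroups ssh-admins
Match Group contractors
    AllowTcpForwarding no
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

On the sample, the second `PermitRootLogin` line is ignored because the first value wins, and the `AllowTcpForwarding no` inside the `Match` block does not change the global setting, so forwarding is still reported.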
Sudo
The base layer of Linux, like UNIX, is monolithic in terms of privilege. You are either root or you’re not. There’s no in-between, and thus sudo was developed to granularly delegate privileged access. Instead of running commands directly, you prefix them with “sudo”. Sudo then compares your identity and the command you’ve specified to the policies in the sudoers file. If the command is permitted, sudo uses system calls like setuid() to change the effective user ID, usually to root, and then executes the command. As with all security, the devil’s in the details. You can use sudo all day long but accomplish nothing in terms of security if the sudoers file is too permissive or configured incorrectly. We will look at how sudo works, the format of the sudoers file and other sudo configurations.
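A sketch of what "too permissive" looks like in a sudoers file, as an added example that is not part of the webinar material. It reads only simple one-line user specifications; the account names, commands and sample file are constructed, and the function name `review` is hypothetical.

```python
import re

# One-line user specifications only: who host = (runas) [TAG:] cmd, cmd ...
SPEC = re.compile(r"^(?P<who>\S+)\s+(?P<host>[^\s=]+)\s*=\s*(?:\([^)]*\)\s*)?(?P<cmds>.+)$")
TAGS = re.compile(r"(?:[A-Z_]+:\s*)*")   # leading tags such as "NOPASSWD: "
SKIP = ("#", "@include", "Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")

def review(sudoers_text):
    """Return (principal, finding) pairs for rules that grant more than they appear to."""
    findings = []
    for raw in sudoers_text.splitlines():
        line = raw.strip()
        m = SPEC.match(line)
        if not m or line.startswith(SKIP):
            continue
        cmds, nopasswd = [], False
        for item in m["cmds"].split(","):
            item = item.strip()
            tags = TAGS.match(item).group()
            if "NOPASSWD:" in tags:      # a tag carries over to the commands after it
                nopasswd = True
            elif "PASSWD:" in tags:
                nopasswd = False
            cmds.append((item[len(tags):].strip(), nopasswd))
        grants_all = any(cmd == "ALL" for cmd, _ in cmds)
        for cmd, nopw in cmds:
            if cmd == "ALL":
                findings.append((m["who"], "ALL commands" + (" with NOPASSWD" if nopw else "")))
            elif cmd.startswith("!") and grants_all:
                findings.append((m["who"], f"{cmd} is subtracted from ALL, "
                                           "which sudoers(5) warns is not effective"))
            elif "*" in cmd.partition(" ")[2]:
                findings.append((m["who"], f"wildcard argument in '{cmd}'"))
    return findings

# Constructed sample, not taken from any real system.
SAMPLE = """\
Defaults env_reset
%wheel  ALL=(ALL) NOPASSWD: ALL
deploy  ALL=(root) /usr/bin/systemctl restart nginx
backup  ALL=(root) NOPASSWD: /usr/bin/rsync *
intern  ALL=(ALL) ALL, !/usr/bin/su
"""

if __name__ == "__main__":
    for who, finding in review(SAMPLE):
        print(f"{who}: {finding}")
```

Only the `deploy` rule, a single fully specified command, passes without a finding.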
Securing privileged access on Linux doesn’t have to be complex—but it does require intentional configuration and an understanding of how SSH and Sudo work together to enforce strong security boundaries.
But it’s also important to understand that these are foundational tools built for a different time, so they have limitations in the context of today’s risk landscape and enterprise scale.
SSH and sudo are the standards for most Linux administrators for accessing remote systems and managing root privileges on those systems. But these tools weren't designed for enterprise scale or for modern governance and compliance requirements. So BeyondTrust was the perfect sponsor for this real training for free session, and Patrick Schneider, Sr Solutions Architect, discusses how these tools are typically used by large enterprises today, and how companies can make improvements in their overall security by adjusting how they manage secure access to and privilege management on their Linux systems.
Meet the Speakers
Randy Franklin Smith
CEO, Monterey Technology Group, Inc. CISA, SSCP, Security MVP
Randy Franklin Smith is an internationally recognized expert who specializes in the security and control of Windows and Active Directory. He performs security reviews for clients ranging from small, privately held firms to Fortune 500 companies, national, and international organizations.
Patrick Schneider
Sr. Solutions Architect
Patrick Schneider is a Senior IGA professional, with 30 years of experience in the Information Technology industry. Prior to joining BeyondTrust as a Senior Solutions Architect, Patrick was a Senior Solutions Engineer for the Security portfolio of a major IAM solutions provider. Patrick holds many industry certifications such as Comptia+, MCP, Certified Directory Engineer, Certified Linux Engineer and more.