"In this video, John Martinez shows how this policy requires MFA when connecting to production Linux servers via SSH. 👉 What exactly does this policy do? This policy helps contain attacks and persistent threats by enforcing an MFA prompt for privileged users before they are allowed to connect to production Linux servers. This requirement ensures that users must prove their identity, helping to prevent unauthorized access and reduce the risk of compromise from stolen credentials. 👉 Why it matters A common technique during a data breach is using stolen credentials, including SSH keys, to find areas where attackers can elevate their privileges. This is done to obtain access to compute resources to establish a command and control (C2) channel, execute malicious actions such as lateral movement, or deploy malware or back doors."
This policy requires MFA for connecting to production as a state servers.
I have a production SSH server session open.
I'm gonna go ahead and connect to it from the command line.
The SSH prompt is delivered to my mobile device. I'm gonna hit approve and I am in the Linux server.
