
Connecting to a Unix Host with Elevated Privileges

This Quick Take video demonstrates one of the fundamental Xton Access Manager (XTAM) functions: connecting to a Unix host with elevated privileges without exposing the credentials used to connect. This case is special because, for security purposes, Unix environments typically block remote login with the elevated-privilege account (root). The usual technique for accessing the operating system with this account is to remote in using a low-privileged account first and then issue a switch user command to the privileged account after login. In the generic case, the end user needs to know two sets of credentials: one for the low-privileged account used to remote in, and the other for the privileged account to switch to after remoting in.

XTAM manages this case automatically using a special record type: Unix Host with SU. This record type allows host owners to configure a record for the host that contains two sets of credentials. When logging in, XTAM uses the first set of credentials to remote to the destination host and the second set to switch to the account with elevated privileges.
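The host-side policy this workflow depends on (no remote login as root) can be checked from the SSH server configuration. The following is an added example, not part of the original post or of XTAM; it assumes the host runs OpenSSH, and the function name and sample configurations are constructed for illustration.

```python
import re

DEFAULT = "prohibit-password"  # OpenSSH value when the keyword is absent

# Constructed sample configurations (not taken from any real host).
SAMPLE_HARDENED = """\
# remote root login disabled; admins log in low-privileged, then su
PermitRootLogin no
PasswordAuthentication yes
"""
SAMPLE_OVERRIDE = """\
PermitRootLogin no
Match Address 192.0.2.0/24
    PermitRootLogin yes
"""

def audit_root_login(config_text):
    """Return (global_value, match_overrides, blocked) for PermitRootLogin."""
    global_value = None
    overrides = []        # (match criteria, value) found inside Match blocks
    current_match = None  # None while parsing the global section
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        # Keyword and argument are separated by whitespace or a single '='.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        keyword = parts[0].lower()  # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            current_match = value
        elif keyword == "permitrootlogin":
            if current_match is not None:
                overrides.append((current_match, value.lower()))
            elif global_value is None:  # sshd keeps the first value it reads
                global_value = value.lower()
    if global_value is None:
        global_value = DEFAULT
    # Blocked only if the global value is "no" and no Match block re-enables it.
    blocked = global_value == "no" and all(v == "no" for _, v in overrides)
    return global_value, overrides, blocked

if __name__ == "__main__":
    for name, text in (("hardened", SAMPLE_HARDENED), ("override", SAMPLE_OVERRIDE)):
        print(name, audit_root_login(text))
```

Include directives are not followed here; running `sshd -T` on the host reports the effective configuration the daemon actually uses.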


Video Highlights

The video below demonstrates several key capabilities:

  • Creating a record describing Unix Host with SU
  • Sharing a record with the ability to connect but without the option to see passwords
  • Connecting to a remote host to gain access to a Unix shell using a privileged account without entering either of the two sets of credentials

The video itself is self-explanatory. However, several important points are worth highlighting:

  • The remote Unix console is displayed directly in the client browser using HTML5. No special software is required on the client side, including ActiveX, applets or anything else. The connection looks the same in any modern HTML5 browser on a Windows or Linux desktop or a mobile device. This approach simplifies deployment and maintenance of Xton Access Manager and provides better control over sessions.
  • Xton Access Manager does not transmit the key used to connect to a remote console to the client browser. The credentials are used by the Xton server to connect to the remote console but are never transferred to the client desktop.
  • The session can be recorded for later playback by administrators or auditors.
  • An auditor or an administrator can join or terminate the session while it is in progress.
  • A user can open multiple sessions to different remote computers or devices at the same time.
  • A user can be granted permission to connect to a remote Unix console with or without recording the session. In this case the user can choose the connection type. Alternatively, a user can be granted permission to connect to a remote computer with session recording only. In this case only the Connect button would be available to the user in the Xton GUI.

 


Mark Klinchin

I am Co-Founder and CEO of Xton Technologies. I am interested in computers, software development, cyber security, content management, photography, image processing and mathematics.


Copyright © 2020 Xton Technologies, LLC. All rights reserved.