In this guide, we will see how to add an extra layer of security to Linux login using Ironchip.
Application
To add the application to the Ironchip control panel, go to the "Applications" section, click on "New application" and create a "Custom application".
-png.png?width=680&height=520&name=Untitled%20(11)-png.png)
Give it an identifying name, select "API KEY" type and download the document provided by the platform.
-png.png?width=620&height=599&name=Untitled%20(12)-png.png)
-png.png?width=654&height=272&name=Untitled%20(15)-png.png)
Granting access to users
- Go to the newly created service, click on "Options" and then "Add new access".
- Select the user or users who will use the service.
- Configure the username to match the Linux system username.
- Add from which location and with which devices they can access.
-png.png?width=680&height=529&name=Untitled%20(16)-png.png)
Installation
The first step is optional, it is only necessary in some cases. Install some dependencies with the following command:
sudo apt-get install libcurl4-openssl-dev libpam-dev uuid-dev
The next step is to create a folder in a secure location:
mkdir /usr/local/lib/security
And save the file "pam_ironchip_auth.so" inside, which will be provided by Ironchip.
mv pam_ironchip_auth.so /usr/local/lib/security/
The last step will be to go to the following location:
/etc/pam.d
Open with a text editor one of these files depending on the company's needs:
- sudo: authentication in the sudo command.
- sshd: authentication in the ssh service.
- gdm-password: authentication when logging into the computer.
- common-auth: authentication in all previous services.
And add the following code with the necessary data:
auth required **<<absolute path of the pam_ironchip_auth.so file>>** host=https://api.ironchip.com api_key=**<<found in the downloaded file>>**