GuardianKey for SSH

Your SSH most secure!
SSH plugin available in .deb and .rpm packages
Easy deployment, just install and use!

How the plugin works

The GuardianKey plugin for SSH sends events to the GuardianKey engine on each login attempt.

GuardianKey returns a risk level and a suggested action (ACCEPT, NOTIFY, HARD-NOTIFY, or BLOCK).

The plugin can notify your users about accesses in their accounts. Also, high-risk attempts can be blocked.

Notified users can tell if the attempts were legitimate or not. In the affirmative case, GuardianKey learns for future analysis, otherwise, your security team can be notified.

Protect against attacks

Brute force

Innovative brute force detection method.

Account takeover

Contextual and behavioral data are used to identify users.

Automated attacks

Threat intelligence, contextual and behavioral data are used.

Anonymization

Anonymization proxies are listed in the threat intel database.

Credential stuffing

Block authentication attempts even if the password matches.

Password guessing

Approach to detect and block password guessing.

Plugin deployment

  • Just do download of .deb or .rpm package, according with your distro, and install. Example:
    Ubuntu/Debian
    # wget https://github.com/pauloangelo/guardiankey-ssh/raw/master/guardiankey-ssh_1.0-2.deb
    # apt install ./guardiankey-ssh_1.0-2.deb
    RHEL/CentOS 7
    # yum install https://github.com/pauloangelo/guardiankey-ssh/raw/master/guardiankey-ssh-1-0.noarch.rpm
  • After, you need create an account in GuardianKey. You can visit https://panel.guardiankey.io.

The plugin is available in Github:

https://github.com/pauloangelo/guardiankey-ssh

Using the plugin

Resources

  • You just need configure /etc/guardiankey/gk.conf file.

  • Then you need start the service. Example:
    # systemctl enable --now guardiankey-ssh