There used to be a SaaS offering called “_cmd” that was supposed to pre-authorize privileged commands on Linux servers. (I don’t know if it supported FreeBSD.)
Here is how it is described on the “Works with Yubikeys” page on the Yubico website:
-----
Cmd
Cmd enables pre-execution control with YubiKey support on sessions, file changes, and commands, on any Linux server in your network. Some of the world’s leading companies use Cmd to protect themselves against insider threats, privileged access abuse, and system attacks in Linux production workloads. Cmd offers defense in depth security for your organization’s Linux environment. Log, understand, and control user activity with Cmd’s powerful yet easy to use platform. Cmd allows you to control any action, session or execution — even for privileged accounts. Cmd integrates with Yubico to allow you to add a simple but effective layer of defense. By supporting Yubico One Time Password, Cmd enables users to leverage YubiKey hardware for easy to use, one-touch two-factor authentication (2FA) to secure their account.
-----
Sadly, they seem to have gone out of business before I got a chance to look at their website. And with a common name like “cmd”, it is almost impossible to search for information about them on the web.
(It’s always good to think about how people will find you in search engines. I used to work for a company named “Computer Associates”. They decided to rename themselves to “CA”. But then they discovered that if you search for “CA”, you get Canada and California before you get the company. So they had to change the name to “CA Technology”.)
Does anyone know anything about the _cmd offering? I am intrigued by it because it seems like requiring connectivity to a site in the cloud to do privileged commands could be a real problem when you are having connectivity issues. I am curious how they solved that issue. (Or maybe that is why they are out of business?)
Thanks!