How to Use SSH SSO Proxy


Setup  

Turn on your SSH SSO Server via SSO Server > SSO Server Status.



Set up an entry in Password Server that contains appropriate credentials to log into the desired machine:

  • Username must contain a valid username for the machine you want to connect to
  • Password must correspond to Username
  • Url must contain the hostname or IP address of the machine you wish to connect to, with the "SSH://" prefix. You may also specify a port number in the Url; if it is omitted, the proxy server assumes the default port, 22.

     An example of a credential set up for SSH proxy

 

Additionally, you must set a unique identifier for each credential that you wish to use for SSH SSO. This is done under Actions > SSO. Enter a unique identifier of your choice and hit Save.

 
The end user must have Security access to the SSO credential using an access level which has Use Via SSO set to true (Actions > Security).



 

As the end user, open an SSH client of your choice (for example, PuTTY) and connect to the same hostname that your Password Server is hosted on. Use whatever port number is configured in the global settings (under 'Password SSO SSH Port'). The default port number is 22.

PuTTY (example)


Web Client

 

The first time you connect, it is normal to see a warning message asking whether you trust the host. To confirm that you are connecting to the correct host, compare the RSA key reported by your SSH client to the key in global settings (under 'Password SSO SSH Server Host Key'). If the keys do not match, you are not connecting to the authorized server.


Select 'Yes' or 'No' to continue.
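The host key comparison described above can be scripted. The following is an added example, not code from the product or its vendor: it assumes the 'Password SSO SSH Server Host Key' value is available as an OpenSSH-style public key line (`ssh-rsa <base64>`), the function names are hypothetical, and the sample key is constructed. It derives the MD5 and SHA256 fingerprints that SSH clients display and checks the one shown in the warning dialog against the trusted key.

```python
import base64
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    """Length-prefixed string from the SSH wire format (RFC 4251)."""
    return struct.pack(">I", len(data)) + data

def make_sample_key_line() -> str:
    """Constructed ssh-rsa key line with a toy modulus; not a real host key."""
    e = (65537).to_bytes(3, "big")
    n = b"\x00" + bytes(range(0x80, 0x100))  # leading zero keeps the mpint positive
    blob = ssh_string(b"ssh-rsa") + ssh_string(e) + ssh_string(n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed-sample"

def fingerprints(key_line: str) -> dict:
    """MD5 and SHA256 fingerprints of a '<type> <base64> [comment]' key line."""
    fields = key_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob carries its own key-type string; it must agree with the label.
    (tlen,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + tlen] != fields[0].encode():
        raise ValueError("key type label does not match key blob")
    md5 = hashlib.md5(blob, usedforsecurity=False).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
            "sha256": "SHA256:" + sha}

def matches_trusted_key(reported: str, trusted_key_line: str) -> bool:
    """True if the fingerprint the SSH client displayed belongs to the trusted key."""
    fp = fingerprints(trusted_key_line)
    reported = reported.strip()
    if reported.upper().startswith("SHA256:"):
        return reported[7:].rstrip("=") == fp["sha256"][7:]
    return reported.lower().removeprefix("md5:") == fp["md5"]

if __name__ == "__main__":
    trusted = make_sample_key_line()         # stand-in for the value in global settings
    shown = fingerprints(trusted)["sha256"]  # stand-in for what the client displayed
    print(shown, "->", "match" if matches_trusted_key(shown, trusted) else "MISMATCH")
```

Obtain the trusted key line through a channel other than the SSH connection being verified, such as the Password Server global settings page.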
 

 

You will now be prompted for your login credentials. You will use your Password Server username and the unique identifier you configured earlier as your login name, in the format {Password Server username}:{unique identifier}.

For example, if your Password Server username is "Bob" and the unique identifier you configured is "ThisIsUnique", you would use the username Bob:ThisIsUnique to log in with SSH. Use the same password you use to log into Password Server.

 
