How to Use SSH SSO Proxy

Here are the steps to set up Single Sign-On for SSH using the Password Server Proxy.

Setup

Turn on your SSH SSO Server via SSO Server > SSO Server Status.

Web Client

Set Up an SSH Entry

Set up an entry in Password Server that contains appropriate credentials to log into the desired machine:

  • Username must contain a valid username for the machine you want to connect to
  • Password must correspond to Username
  • Url must contain the Hostname or IP address for the machine you wish to connect to, with the "SSH://" prefix. You may specify a port number in the Url as well, but if it is omitted, the proxy server will assume a default of port 22.

     An example of a credential set up for SSH proxy

 

Additionally, set a unique identifier for each credential that you wish to use for SSH SSO.

This is done under Actions > SSO. Enter a unique identifier of your choice and click Save.

SSH Security Access

The end user must have Security access to the SSO credential using an access level which has Use Via SSO set to true (Actions > Security).

Using an SSH Client with Password Server

As the end user, open an SSH client of your choice, for example PuTTY, and connect to the Password Server host, using the same port number configured in your SSO SSH settings (default: 22).


PuTTY (example)

Trust Warning

The first time you connect, it is normal to see a warning message asking if you trust the host. To confirm that you are connecting to the correct host, compare the RSA key reported by your SSH client with the key in global settings (under 'Password SSO SSH Server Host Key'). A key that does not match indicates you are not connecting to the authorized server.


Select 'Yes' or 'No' to continue.
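
SSH clients usually show a fingerprint of the host key (colon-separated MD5 hex or "SHA256:" base64) rather than the key itself, so the comparison described above can be scripted. The following is an added example, not code from Password Server: it assumes the 'Password SSO SSH Server Host Key' value is an OpenSSH one-line public key ("ssh-rsa <base64>"), the function names are hypothetical, and the sample key is constructed and is not a real key.

```python
import base64
import hashlib
import hmac
import struct

def ssh_string(data):
    """Length-prefixed byte string as used inside SSH key blobs."""
    return struct.pack(">I", len(data)) + data

def build_rsa_blob(e, n):
    """Encode an RSA public key blob: "ssh-rsa", then e and n as mpints."""
    def mpint(i):
        return ssh_string(i.to_bytes(i.bit_length() // 8 + 1, "big"))
    return ssh_string(b"ssh-rsa") + mpint(e) + mpint(n)

# Constructed sample only: this modulus is not a real key.
SAMPLE_N = int("c3" * 32, 16)
SAMPLE_BLOB = build_rsa_blob(65537, SAMPLE_N)
SAMPLE_KEY_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode()

def parse_public_key(line):
    """Return (key_type, blob) from '<type> <base64> [comment]' (assumed format);
    the blob must begin with a length-prefixed copy of the declared type."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    if not blob.startswith(ssh_string(fields[0].encode())):
        raise ValueError("declared key type does not match key blob")
    return fields[0], blob

def fingerprints(blob):
    """Both fingerprint styles SSH clients display for a host key."""
    md5 = ":".join(f"{b:02x}" for b in hashlib.md5(blob).digest())
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"md5": md5, "sha256": "SHA256:" + sha}

def host_key_matches(settings_key_line, reported):
    """True only if `reported` is a fingerprint of the key from global settings."""
    expected = fingerprints(parse_public_key(settings_key_line)[1])
    reported = reported.strip()
    if reported.upper().startswith("SHA256:"):
        got, want = reported[7:].rstrip("="), expected["sha256"][7:]
    else:  # MD5 hex is case-insensitive; SHA256 base64 is not
        got = reported[4:] if reported.upper().startswith("MD5:") else reported
        got, want = got.lower(), expected["md5"]
    return hmac.compare_digest(got.encode(), want.encode())

if __name__ == "__main__":
    print(fingerprints(SAMPLE_BLOB))
```

Call host_key_matches() with the key copied from global settings and the fingerprint shown in the client's trust warning; a False result means the two do not match.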
 

 

You will now be prompted for your login credentials. You will use your Password Server username and the unique identifier you configured earlier as your login name, in the format {Password Server username}:{unique identifier}.

For example, if your Password Server username is "Bob" and the unique identifier you configured is "ThisIsUnique", you would use the username Bob:ThisIsUnique to log in with SSH. Use the same password you use to log into Password Server.
