How to Use SSH SSO Proxy

Here are the steps for setting up single sign-on (SSO) for SSH using the Password Server Proxy.

Setup

Turn on your SSH SSO Server via SSO Server > SSO Server Status.

Web Client

 


The default settings should be fine unless there is further configuration required by your organization.

Set Up an SSH Entry

Navigate to Home > Add Entry

Set up an entry in Password Server that contains the appropriate credentials to log in to the desired machine:

 

 

Additionally, set a unique identifier for each credential that you wish to use for SSH SSO.

This is done under Actions > SSO. Enter a unique identifier of your choice and click Save.

Unique Identifier

To test whether your connection works, select the entry you just created, then choose Actions > Launch SSO.

SSO SSH Connection

Using an SSH Client with Password Server

As the end user, open an SSH client of your choice (for example, PuTTY) and connect to the Password Server host, using the same port number configured in your SSO SSH settings (default: 22).


PuTTY (example)

Run PuTTY and click the copy button on the SSH setting window. Then right-click in the PuTTY window and it will paste in the SSH login shown above. Use that same user's password (the one you would use to log in to Password Server) and your connection should be successful!

Trust Warning

The first time you connect, it is normal to see a warning message asking if you trust the host. Compare the RSA key reported by your SSH client to the key in global settings (under 'Password SSO SSH Server Host Key') if you wish to confirm that you are connecting to the correct host. An incorrect key indicates you are not connecting to the authorized server.


Select 'Yes' or 'No' to continue.
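
The comparison described above can be scripted. The following is an added example, not part of the Password Server product or its documentation. It assumes the host key from global settings is available as an OpenSSH-format public key line; the key it uses is constructed filler, and the function names are hypothetical.

```python
import base64, hashlib, hmac, struct

def _ssh_string(data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + data          # uint32 length prefix

def sample_host_key_line(seed: bytes = b"constructed") -> str:
    """Constructed ssh-rsa public key line (NOT a real key; modulus is filler)."""
    n = int.from_bytes(hashlib.sha256(seed).digest() * 8, "big") | (1 << 2047) | 1
    mpint = lambda v: _ssh_string(v.to_bytes(v.bit_length() // 8 + 1, "big"))
    blob = _ssh_string(b"ssh-rsa") + mpint(65537) + mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed-sample"

def fingerprints(pubkey_line: str) -> dict:
    """Return the SHA256 and MD5 fingerprints SSH clients display for a key."""
    parts = pubkey_line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, blob = parts[0], base64.b64decode(parts[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (tlen,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + tlen] != key_type.encode():
        raise ValueError("key type does not match the encoded blob")
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    md5 = hashlib.md5(blob).hexdigest()
    return {"sha256": "SHA256:" + sha,
            "md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2))}

def client_matches(pubkey_line: str, shown: str) -> bool:
    """True if the fingerprint shown in the client warning belongs to this key."""
    fps, shown = fingerprints(pubkey_line), shown.strip()
    if shown.startswith("SHA256:"):
        expected = fps["sha256"]                 # base64 is case-sensitive
    else:
        if shown.upper().startswith("MD5:"):
            shown = shown[4:]
        shown, expected = shown.lower(), fps["md5"]
    return hmac.compare_digest(shown.encode(), expected.encode())

if __name__ == "__main__":
    trusted = sample_host_key_line()             # stands in for the global-settings key
    print(fingerprints(trusted))
    print(client_matches(trusted, fingerprints(trusted)["sha256"]))
```

Paste the fingerprint from the client's warning dialog as the second argument; a False result means the key offered on the wire is not the one recorded in global settings.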
 

Putty Warning

 

You will now be prompted for your login credentials. You will use your Password Server username and the unique identifier you configured earlier as your login name, in the format {Password Server username}:{unique identifier}.

For example, if your Password Server username is "Bob" and the unique identifier you configured is "ThisIsUnique", you would use the username Bob:ThisIsUnique to log in with SSH. Use the same password you use to log in to Password Server.

 

Success

 

Troubleshooting

Proxy

SSH Security Access

The end user must have Security access to the SSO credential using an access level which has Use Via SSO set to true (Actions > Security).


Full Access