Secret Server 8.5 adds a number of new features and functionality. These new features are pretty awesome, so we decided this release deserves a little extra showcasing. Check back each week through April to learn something new about 8.5 and how it will increase your team’s overall security and productivity. This week we take a look at using Secret Server as a proxy for your SSH Launchers. Enjoy!
Secret Server’s SSH Proxy feature, added with version 8.5, allows increased security of the servers you connect to through SSH. This feature forces any SSH connection made through a Secret Server Launcher to be proxied through your Secret Server web server.
Proxing through Secret Server gives you two major benefits: The ability to enter just one IP address (your Secret Server IP) as an approved SSH connection for your servers and the opportunity for keystroke logging once an SSH session is initiated. This means that instead of including a number of your users’ client machine IP ranges, you can now specify your single Secret Server IP. Once sessions are initiated, you will also get enhanced session monitoring abilities through keystroke logs.
Configuring proxying in Secret Server is simple:
Specify your bind IP address, public host information, and port. Then create a banner to be displayed to users whenever they make an SSH connection through Secret Server. You have the option to provide a host private key or generate a new one.
If you want, you can enable an Inactivity Timeout to control how long a proxied Launcher session can remain idle before the connection is automatically closed.
Improved Session Monitoring
Whether your SSH Launchers use proxying or not, Session Monitoring (covered in Part 1 of our Introducing Secret Server 8.5 series) is a feature that will help you keep track of (and optionally, terminate) your users’ launched sessions.
However, proxying your SSH connections through Secret Server provides the added capability to record and then save or search through text from the SSH session.
Launchers compatible with SSH Proxying
The SSH Proxying feature applies to not only the PuTTY Launcher, but any custom Launchers you create, such as SecureCRT. Just select Proxied SSH Process as the Launcher type when configuring the custom Launcher in Secret Server.
Don’t worry, our Secret Server 8.5 blog post series is not over yet! Next week we’ll be covering changes to PowerShell.