Chat now with support
Chat with Support

One Identity Safeguard for Privileged Sessions 5.9.0 - Administration Guide

Preface Introduction The concepts of SPS The Welcome Wizard and the first login Basic settings User management and access control Managing SPS
Controlling SPS: reboot, shutdown Managing Safeguard for Privileged Sessions clusters Managing a high availability SPS cluster Upgrading SPS Managing the SPS license Accessing the SPS console Sealed mode Out-of-band management of SPS Managing the certificates used on SPS
General connection settings HTTP-specific settings ICA-specific settings RDP-specific settings SSH-specific settings Telnet-specific settings VMware Horizon View connections VNC-specific settings Indexing audit trails Using the Search (classic) interface Using the Search interface Searching session data on a central node in a cluster Advanced authentication and authorization techniques Reports The SPS RPC API The SPS REST API SPS scenarios Troubleshooting SPS Configuring external devices Using SCP with agent-forwarding Security checklist for configuring SPS Jumplists for in-product help Third-party contributions About us

Using inband destination selection in SSH connections

The following sections provide examples for using inband destination selection to establish an SSH connection, including scenarios where nonstandard ports or gateway authentication is used.

Since some client applications do not permit the @ and : characters in the username, therefore alternative characters can be used as well:

  • To separate the username and the target server, use the @ or % characters, for example: username%targetserver@scb_address

  • To separate the target server and the port number, use the :, +, or / characters, for example: username%targetserver+port@scb_address

For detailed instructions on configuring inband authentication, see Configuring inband destination selection.

Using inband destination selection with PuTTY

To establish an SSH connection through SPS with PuTTY, follow these steps:

  1. Enter the username, the target server's hostname (or IP address), and the hostname (or IP address) of SPS using the <username>@<server>@<scb> format in PuTTY

    Example:

    Assuming the following values:

    • The username is training1

    • The target server is linux.training.example

    • The SPS server is scb

    You can enter the following destination in PuTTY:

    training1@linux.training.example@scb

    Figure 266: Configuring SSH inband destination in PuTTY

  2. Alternative approach:

    1. Enter only the hostname (or IP address, depending on your configuration) of SPS in PuTTY.

    2. At the login prompt, provide the username on the target server, and the target server's hostname (or IP address) using the <username>@<server> format.

Using inband destination selection with OpenSSH

To establish an SSH connection through SPS, follow these steps:

  1. Enter the following command:

    # ssh <username>@<server>@<scb>

    ...where <username> is the username, <server> is the target server's hostname (or IP address), and <scb> is the hostname (or IP address) of SPS

    Example:

    Assuming the following values:

    • The username is training1

    • The target server is linux.training.example

    • The SPS server is scb

    You can enter the following command:

    # ssh training1@linux.training.example@scb

  2. Alternative approach:

    1. Enter only the hostname (or IP address, depending on your configuration) of SPS:

      # ssh <scb>

    2. At the login prompt, provide the username on the target server, and the target server's hostname (or IP address) using the <username>@<server> format

Using inband selection and nonstandard ports with PuTTY

The following steps provide instructions for establishing SSH connections with servers that are listening on a non-standard port (the Inband destination selection > Targets > Port option is not 22), and the port number targeted by the clients is also a non-standard port (the To > Port option of the Connection Policy).

  1. Enter the following in PuTTY:

    1. In the Host Name field, enter the username on the target server, the target server's hostname (or IP address) and port number, and the hostname (or IP address) of SPS in the <username>@<server>:<port>@<scb> format

    2. In the Port field, enter the port number of the SPS server

    Example:

    Assuming the following values:

    • The username is training1

    • The target server is 192.168.60.100

    • The target server is listening on port 2121

    • The SPS server is scb

    • The SPS server is listening on port 4444

    You can enter the following destination hostname in PuTTY:

    training1@192.168.60.100:2121@scb

    Also change the destination port to the SPS server's port number:

    4444

    Figure 267: Configuring SSH inband destination for nonstandard ports in PuTTY

  2. Alternative approach:

    1. Enter only the hostname (or IP address, depending on your configuration) and port number of SPS in PuTTY.

    2. At the login prompt, provide the username on the target server, and the target server's hostname (or IP address) and port number using the <username>@<server>:<port> format.

Related Documents