Chat now with support
Chat with Support

One Identity Safeguard for Privileged Sessions 6.4.0 - Administration Guide

Preface Introduction The concepts of One Identity Safeguard for Privileged Sessions (SPS) The Welcome Wizard and the first login Basic settings
Supported web browsers and operating systems The structure of the web interface Network settings Configuring date and time System logging, SNMP and e-mail alerts Configuring system monitoring on SPS Data and configuration backups Archiving and cleanup Forwarding data to third-party systems Joining to One Identity Starling
User management and access control Managing One Identity Safeguard for Privileged Sessions (SPS)
Controlling One Identity Safeguard for Privileged Sessions (SPS): reboot, shutdown Managing Safeguard for Privileged Sessions (SPS) clusters Managing a High Availability One Identity Safeguard for Privileged Sessions (SPS) cluster Upgrading One Identity Safeguard for Privileged Sessions (SPS) Managing the One Identity Safeguard for Privileged Sessions (SPS) license Accessing the One Identity Safeguard for Privileged Sessions (SPS) console Sealed mode Out-of-band management of One Identity Safeguard for Privileged Sessions (SPS) Managing the certificates used on One Identity Safeguard for Privileged Sessions (SPS)
General connection settings HTTP-specific settings ICA-specific settings MSSQL-specific settings RDP-specific settings SSH-specific settings Telnet-specific settings VMware Horizon View connections VNC-specific settings Indexing audit trails Using the Search interface Advanced authentication and authorization techniques Reports The One Identity Safeguard for Privileged Sessions (SPS) RPC API The One Identity Safeguard for Privileged Sessions (SPS) REST API One Identity Safeguard for Privileged Sessions (SPS) scenarios Troubleshooting One Identity Safeguard for Privileged Sessions (SPS) Using SPS with SPP Configuring external devices Using SCP with agent-forwarding Security checklist for configuring One Identity Safeguard for Privileged Sessions (SPS) Jumplists for in-product help Configuring SPS to use an LDAP backend Glossary

Organizing connections based on alias IP addresses

To allow the administrators to access protected servers by connecting to an alias IP address of One Identity Safeguard for Privileged Sessions (SPS). The alias IP address determines which server they will access. Organizing connections based on alias IP addresses is advantageous if SPS is connected to a private network and many private IP addresses are available.

NOTE:

Do not use the listening addresses configured for web login. For more details, see Configuring user and administrator login addresses.

To organize connections based on alias IP addresses

  1. Navigate to Basic Settings > Network.

  2. Set up a logical interface: click and configure a new logical interface. Add alias IP addresses for every protected server. (Use a different IP address for each.)

    For more information on configuring logical interfaces and alias IP addresses, see Managing logical interfaces.

  3. Navigate to SSH Control > Connections.

  4. Add a new connection. Enter the IP address of the administrators into the From fields, and the IP address and port number of the target server into the Target field.

  5. Enter an alias IP address of the configured logical interface of SPS into the To field.

  6. Repeat Steps 4-5 for every protected server, but every time use a different alias IP address in Step 5.

  7. Click Commit.

Using inband destination selection in SSH connections

The following sections provide examples for using inband destination selection to establish an SSH connection, including scenarios where nonstandard ports or gateway authentication is used.

Since some client applications do not permit the @ and : characters in the username, alternative characters can be used as well:

  • To separate the username and the target server, use the @ or % characters, for example: username%targetserver@scb_address

  • To separate the target server and the port number, use the :, +, or / characters, for example: username%targetserver+port@scb_address

  • If you do not specify the username or the address in nontransparent SSH and Telnet connections, One Identity Safeguard for Privileged Sessions (SPS) displays an interactive prompt where you can enter the username and the server address.

For detailed instructions on configuring inband authentication, see Configuring inband destination selection.

Topics:

Using inband destination selection with PuTTY

To establish an SSH connection through One Identity Safeguard for Privileged Sessions (SPS) with PuTTY, follow one of the methods:

Common method

To establish the SSH-connection using the most common method, enter the username, the target server's hostname (or IP address), and the hostname (or IP address) of SPS using the <username>@<server>@<scb> format in PuTTY.

If you do not specify the username or the address in nontransparent SSH and Telnet connections, One Identity Safeguard for Privileged Sessions (SPS) displays an interactive prompt where you can enter the username and the server address.

Example

Assuming the following values:

  • The username is training1

  • The target server is linux.training.example

  • The SPS server is scb

You can enter the following destination in PuTTY:

training1@linux.training.example@scb

Figure 293: Configuring SSH inband destination in PuTTY

Alternative method

To establish the SSH-connection using a different method,

  1. Enter only the hostname (or IP address, depending on your configuration) of SPS in PuTTY.

  2. At the login prompt, provide the username on the target server, and the target server's hostname (or IP address) using the <username>@<server> format.

Using inband destination selection with OpenSSH

To establish an SSH connection through One Identity Safeguard for Privileged Sessions (SPS), follow these steps:

  1. Enter the following command:

    # ssh <username>@<server>@<scb>

    ...where <username> is the username, <server> is the target server's hostname (or IP address), and <scb> is the hostname (or IP address) of SPS.

    If you do not specify the username or the address in nontransparent SSH and Telnet connections, One Identity Safeguard for Privileged Sessions (SPS) displays an interactive prompt where you can enter the username and the server address.

    Example

    Assuming the following values:

    • The username is training1

    • The target server is linux.training.example

    • The SPS server is scb

    You can enter the following command:

    # ssh training1@linux.training.example@scb

  2. Alternative approach:

    1. Enter only the hostname (or IP address, depending on your configuration) of SPS:

      # ssh <scb>

    2. At the login prompt, provide the username on the target server, and the target server's hostname (or IP address) using the <username>@<server> format

Related Documents