Chat now with support
Chat with Support

One Identity Safeguard for Privileged Sessions 6.4.0 - Administration Guide

Preface Introduction The concepts of One Identity Safeguard for Privileged Sessions (SPS) The Welcome Wizard and the first login Basic settings
Supported web browsers and operating systems The structure of the web interface Network settings Configuring date and time System logging, SNMP and e-mail alerts Configuring system monitoring on SPS Data and configuration backups Archiving and cleanup Forwarding data to third-party systems Joining to One Identity Starling
User management and access control Managing One Identity Safeguard for Privileged Sessions (SPS)
Controlling One Identity Safeguard for Privileged Sessions (SPS): reboot, shutdown Managing Safeguard for Privileged Sessions (SPS) clusters Managing a High Availability One Identity Safeguard for Privileged Sessions (SPS) cluster Upgrading One Identity Safeguard for Privileged Sessions (SPS) Managing the One Identity Safeguard for Privileged Sessions (SPS) license Accessing the One Identity Safeguard for Privileged Sessions (SPS) console Sealed mode Out-of-band management of One Identity Safeguard for Privileged Sessions (SPS) Managing the certificates used on One Identity Safeguard for Privileged Sessions (SPS)
General connection settings HTTP-specific settings ICA-specific settings MSSQL-specific settings RDP-specific settings SSH-specific settings Telnet-specific settings VMware Horizon View connections VNC-specific settings Indexing audit trails Using the Search interface Advanced authentication and authorization techniques Reports The One Identity Safeguard for Privileged Sessions (SPS) RPC API The One Identity Safeguard for Privileged Sessions (SPS) REST API One Identity Safeguard for Privileged Sessions (SPS) scenarios Troubleshooting One Identity Safeguard for Privileged Sessions (SPS) Using SPS with SPP Configuring external devices Using SCP with agent-forwarding Security checklist for configuring One Identity Safeguard for Privileged Sessions (SPS) Jumplists for in-product help Configuring SPS to use an LDAP backend Glossary

Using inband selection and nonstandard ports with PuTTY

The following steps provide instructions for establishing SSH connections with servers that are listening on a non-standard port (the Inband destination selection > Targets > Port option is not 22), and the port number targeted by the clients is also a non-standard port (the To > Port option of the Connection Policy).

  1. Enter the following in PuTTY:

    1. In the Host Name field, enter the username on the target server, the target server's hostname (or IP address) and port number, and the hostname (or IP address) of One Identity Safeguard for Privileged Sessions (SPS) in the <username>@<server>:<port>@<scb> format

      If you do not specify the username or the address in nontransparent SSH and Telnet connections, One Identity Safeguard for Privileged Sessions (SPS) displays an interactive prompt where you can enter the username and the server address.

    2. In the Port field, enter the port number of the SPS server

    Example

    Assuming the following values:

    • The username is training1

    • The target server is 192.168.60.100

    • The target server is listening on port 2121

    • The SPS server is scb

    • The SPS server is listening on port 4444

    You can enter the following destination hostname in PuTTY:

    training1@192.168.60.100:2121@scb

    Also change the destination port to the SPS server's port number:

    4444

    Figure 294: Configuring SSH inband destination for nonstandard ports in PuTTY

  2. Alternative approach:

    1. Enter only the hostname (or IP address, depending on your configuration) and port number of SPS in PuTTY.

    2. At the login prompt, provide the username on the target server, and the target server's hostname (or IP address) and port number using the <username>@<server>:<port> format.

Using inband selection and nonstandard ports with OpenSSH

The following steps provide instructions for establishing SSH connections with servers that are listening on a non-standard port (the Inband destination selection > Targets > Port option is not 22), and the port number targeted by the clients is also a non-standard port (the To > Port option of the Connection Policy).

  1. Enter the following command:

    # ssh -p <scb_port> <username>@<server>:<port>@<scb>

    ...where <scb_port> is the port number of One Identity Safeguard for Privileged Sessions (SPS), <username> is the username on the target server, <server:port> is the target server's hostname (or IP address), <port> is the target server's port number, and <scb> is the hostname (or IP address) of SPS.

    If you do not specify the username or the address in nontransparent SSH and Telnet connections, One Identity Safeguard for Privileged Sessions (SPS) displays an interactive prompt where you can enter the username and the server address.

    Example

    Assuming the following values:

    • The username is training1

    • The target server is 192.168.60.100

    • The target server is listening on port 2121

    • The SPS server is scb

    • The SPS server is listening on port 4444

    You can enter the following command:

    # ssh -p 4444 training1@192.168.60.100:2121@scb

  2. Alternative approach:

    1. Enter only the hostname (or IP address, depending on your configuration) and port number of SPS with the following command:

      # ssh -p <scb_port> <scb>

    2. At the login prompt, provide the username on the target server, and the target server's hostname (or IP address) and port number using the <username>@<server>:<port> format.

Using inband destination selection and gateway authentication with PuTTY

SPS can authenticate users attempting to establish an SSH connection against a gateway (see Configuring gateway authentication for more details). You can provide the gateway login credentials in PuTTY:

  1. Enter the gateway username, the username on the target server, the target server's hostname (or IP address), and the hostname (or IP address) of One Identity Safeguard for Privileged Sessions (SPS) in the gu=<gatewayusername>@<username>@<server>@<scb> format in PuTTY

    If you do not specify the username or the address in nontransparent SSH and Telnet connections, One Identity Safeguard for Privileged Sessions (SPS) displays an interactive prompt where you can enter the username and the server address.

    Example

    Assuming the following values:

    • The gateway username is training1

    • The username on the target server is root

    • The target server is 192.168.60.100

    • The SPS server is scb

    You can enter the following destination in PuTTY:

    gu=training1@root@192.168.60.100@scb

    Figure 295: Configuring SSH inband destination and gateway authentication in PuTTY

  2. Alternative approach:

    1. Enter only the hostname (or IP address, depending on your configuration) of SPS in PuTTY.

    2. At the login prompt, provide the username on the target server, and the target server's hostname (or IP address) using the <username>@<server> format.

    3. When prompted, provide the gateway username.

Using inband destination selection and gateway authentication with OpenSSH

One Identity Safeguard for Privileged Sessions (SPS) can authenticate users attempting to establish an SSH connection against a gateway (see Configuring gateway authentication for more details). The following steps explain how you can provide the gateway login credentials:

  1. Enter the following command:

    # ssh gu=<gatewayusername>@<username>@<server>@<scb>

    ...where <gatewayusername> is the gateway username, <username> is the username on the target server, <server> is the target server's hostname (or IP address), and <scb> is the hostname (or IP address) of SPS.

    If you do not specify the username or the address in nontransparent SSH and Telnet connections, One Identity Safeguard for Privileged Sessions (SPS) displays an interactive prompt where you can enter the username and the server address.

    Example

    Assuming the following values:

    • The gateway username is training1

    • The username on the target server is root

    • The target server is 192.168.60.100

    • The SPS server is scb

    You can enter the following command:

    # ssh gu=training1@root@192.168.60.100@scb

  2. Alternative approach:

    1. Enter only the hostname (or IP address, depending on your configuration) of SPS with the following command:

      # ssh <scb>

    2. At the login prompt, provide the username on the target server, and the target server's hostname (or IP address) using the <username>@<server> format.

    3. When prompted, provide the gateway username.

Related Documents