# Network Device Management StrongDM network device management allows your organization to modernize and secure privileged access to your network in on-premises environments. Users managed within StrongDM or through your identity provider can be granted access to network devices such as routers, switches, and other physical hardware devices. Any device that typically requires a username and password or a certificate and can be connected to via SSH can be managed in this way. Managing access to these devices with StrongDM provides you with a way to enable users that need access to have it when they need it, to easily revoke unnecessary access, and to audit actions along the way. These tools, along with using best practice security measures, can help to improve security by preventing users from using unsecured local account credentials to access network infrastructure. This article describes how to set up network device management. * **Least Privilege**: For network devices, least privilege can be accomplished by setting up multiple instances of the device as StrongDM resources. Each resource would connect using a different set of credentials with different permissions granted to it. * **Just-in-Time Access**: StrongDM users are able to use any access workflows you set up to request access to your network devices, allowing you the choice between granting Just-in-Time (JIT) access with requests or providing standing access to particular users or roles within your StrongDM organization. For more details, see the [Access Workflows](https://docs.strongdm.com/admin/access/access-workflows) section. {% hint style="info" %} To avoid confusion during access requests, if there are multiple network devices in StrongDM, it may be useful to name them in such a way that indicates the level of access, so that users know the name of the resource to request. {% endhint %} * **Context-Based Policy**: StrongDM policies that restrict or enable users' ability to connect to network devices based on their context can be used to limit availability of your devices to users in particular geographic locations or with good device trust scores. Policies can also be used to provide an MFA challenge prior to connection, and help solve for many more use cases. For more details, see the [Policies](https://docs.strongdm.com/admin/access/policies) section. ### Prerequisites * Admin permission level for your StrongDM user * Access credentials for the network device in question ### Configuration Follow the SSH resource configuration guide that corresponds with the type of authentication that you use to access your network device. * For network devices with username/password authentication, use the [SSH (Username/Password)](https://docs.strongdm.com/admin/resources/servers/ssh-password-auth) resource type. * For network devices with certificate authentication, use the [SSH (Certificate Auth](https://docs.strongdm.com/admin/resources/servers/ssh-certificate-auth) resource type. ### Logs For logs of access to the resource in the Admin UI: * **Activities** will provide authentication records for the resource. * **Queries** will provide all of the queries of users. * **SSH** will provide SSH replays of user sessions. ### CLI Usage For instructions on how to interact with the configured resource from the command line, users should see the [Connect to SSH Servers](https://app.gitbook.com/s/HaY8OFbXUreWEF61MhKm/connect/connect-ssh) guide. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.strongdm.com/admin/resources/servers/network-devices.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.