Connect to SSH Servers

There are three different ways to connect to SSH servers with StrongDM:

Use the CLI
Connect with ssh as an alias for sdm
Connect directly with ssh using the mapped port

To connect to SSH servers using Windows and the CLI, you must follow the instructions for mapped ports.

Use the StrongDM Binary

Directly

You can connect to any accessible server simply by using sdm ssh <servername>. This command also attempts to complete <servername> as long as you use a unique substring of a valid server.

$ sdm status
     DATASOURCE NAME           STATUS            PORT      TYPE
     Customer DB RO            not connected     5432      postgres
     Document DB               not connected     27017     mongo

     SSH SERVER                STATUS            PORT      TYPE
     bastion01                 not connected     60672     ssh
     deployment04              not connected     60834     ssh
$ sdm ssh bas
Welcome to Ubuntu 16.04.2 LTS (GNU/Linux 4.4.0-1026-aws x86_64)
Last login: Thu Jun 14 16:12:48 2018 from 127.0.0.1
ubuntu@bastion01:~$

Note that it is not necessary to run either the sdm connect or sdm disconnect commands for this resource except in specific instances.

Make an alias

The easiest way to use SSH with StrongDM is to add the StrongDM aliases to your shell profile.

Type sdm ssh alias to get the required aliases; they map ssh and scp to use the StrongDM binary.

sdm ssh alias 
# Run this in the command line, or add the following to $HOME/.bashrc
alias ssh="/usr/local/bin/sdm ssh wrapped-run"
alias scp="scp -S'/usr/local/bin/sdm' -osdmSCP"

Run the resulting lines on the prompt and/or add them to $HOME/.bashrc or the equivalent for your shell.
Start a new shell and test by connecting to an SSH server: ssh <servername>.

This does not interrupt anything you have defined via straight SSH. It first checks StrongDM, and if nothing exists, defaults to your standard path.

Use the Mapped Port

Just like connecting to databases, you can connect directly to the mapped server ports using ssh.

Open a connection to the server by clicking on its name in the desktop app, or via the sdm connect <SERVER_NAME> command. For example: sdm connect server01
Note the port assigned to the server in the desktop app or listed under sdm status.
Connect via the ssh localhost -p <PORT> command. For example: ssh localhost -p 14213

Windows 10/11

Windows 10 and 11 come with OpenSSH installed by default, but the executable is not where sdm looks for it by default. In order to use sdm ssh commands, you must copy ssh.exe from C:\Windows\System32\OpenSSH\ssh.exe to C:\Users\<username>\AppData\Local\Microsoft\WindowsApps\ssh.exe.

Troubleshooting

Some versions of particular Linux distributions include changed requirements for a higher key size than OpenSSH requires and the StrongDM driver provides. In this case, you can still connect to StrongDM SSH resources by adding the RSAMinSize or RequiredRSASize parameter (whichever is used in your distro).

sdm ssh <target-host> -o RSAMinSize=1024

Last updated 16 days ago

Was this helpful?