How to Use SSH SSO Proxy
Here are the steps for setting up single sign-on (SSO) for SSH using the Password Server proxy.
Setup
Turn on your SSH SSO Server via SSO Server > SSO Server Status.
Web Client
The default settings should be fine unless there is further configuration required by your organization.
Set Up an SSH Entry
Navigate to Home > Add Entry
Set up an entry in Password Server that contains the appropriate credentials to log in to the desired machine:
- Username must contain a valid username for the machine you want to connect to
- Password must correspond to Username
- Url must contain the hostname or IP address of the machine you wish to connect to, with the "SSH://" prefix. You may also specify a port number in the Url; if it is omitted, the proxy server assumes the default, port 22.
An example of a credential set up for the SSH proxy
Additionally, set a unique identifier for each credential that you wish to use for SSH SSO.
This is done under Actions > SSO. Enter a unique identifier of your choice and click Save.
To test whether your connection works, select the entry you just created and choose Actions > Launch SSO.
Using an SSH Client with Password Server
As the end user, open an SSH client of your choice, for example PuTTY, and connect to the Password Server host, using the same port number configured in your SSO SSH settings (default: 22).
PuTTY (example)
Run PuTTY and click the copy button on the SSH setting window. Then right-click in the PuTTY window and it will paste in the SSH Login shown above. Use that same user's password (the one you would use to log in to Password Server) and your connection should be successful!
Trust Warning
The first time you connect, it is normal to see a warning message asking if you trust the host. Compare the RSA key reported by your SSH client to the key in global settings (under 'Password SSO SSH Server Host Key') if you wish to confirm that you are connecting to the correct host. An incorrect key indicates you are not connecting to the authorized server.
Select 'Yes' or 'No' to continue.
You will now be prompted for your login credentials. You will use your Password Server username and the unique identifier you configured earlier as your login name, in the format {Password Server username}:{unique identifier}.
For example, if your Password Server name is "Bob" and the unique identifier you configured is "ThisIsUnique", you would use the username Bob:ThisIsUnique to log in with SSH. Use the same password you use to log into Password Server.
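The host key comparison described under Trust Warning can be done mechanically instead of by eye. The following is an added example, not code from Password Server: it assumes you have the proxy's public host key as an OpenSSH one-line public key (`ssh-rsa AAAA...`), which is an assumption about how you export it from global settings, and it accepts the SHA256 and colon-separated MD5 fingerprint forms that SSH clients display. All function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct


def parse_public_key(line):
    """Split an OpenSSH one-line public key into (key type, raw key blob)."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, blob = fields[0], base64.b64decode(fields[1], validate=True)
    # The blob begins with a length-prefixed copy of the key type; a mismatch
    # means the line was truncated or pasted incorrectly.
    if len(blob) < 4 or blob[4:4 + struct.unpack(">I", blob[:4])[0]] != key_type.encode():
        raise ValueError("key type does not match key blob")
    return key_type, blob


def fingerprints(blob):
    """Return the two fingerprint forms SSH clients display for a key blob."""
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    md5 = hashlib.md5(blob, usedforsecurity=False).hexdigest()
    return {"sha256": "SHA256:" + sha,
            "md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2))}


def host_key_matches(trusted_key_line, shown_by_client):
    """True only if the client's fingerprint belongs to the trusted key."""
    fp = fingerprints(parse_public_key(trusted_key_line)[1])
    shown = shown_by_client.strip()
    if shown.startswith("SHA256:"):
        return shown.rstrip("=") == fp["sha256"]   # base64 is case-sensitive
    if shown[:4].upper() == "MD5:":
        shown = shown[4:]
    return shown.lower() == fp["md5"]              # hex is not


def constructed_key_line():
    """Constructed sample key (toy numbers, not a real host key)."""
    def ssh_string(data):
        return struct.pack(">I", len(data)) + data
    blob = (ssh_string(b"ssh-rsa") + ssh_string((65537).to_bytes(3, "big"))
            + ssh_string(b"\x00" + bytes(range(128, 256))))
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed-sample"


if __name__ == "__main__":
    line = constructed_key_line()
    shown = fingerprints(parse_public_key(line)[1])["sha256"]
    print(shown, host_key_matches(line, shown))
```

If `host_key_matches` returns False, answer 'No' at the trust prompt and check with your administrator before connecting.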
Troubleshooting
SSH Security Access
The end user must have Security access to the SSO credential using an access level which has Use Via SSO set to true (Actions > Security).