Blog

  • Introducing Secret Server 8.5 Pt. 4: SSH Proxy

    Secret Server 8.5 adds a number of new features and functionality. These new features are pretty awesome, so we decided this release deserves a little extra showcasing. Check back each week through April to learn something new about 8.5 and how it will increase your team’s overall security and productivity. This week we take a look at using Secret Server as a proxy for your SSH Launchers. Enjoy!

    Secret Server’s SSH Proxy feature, added with version 8.5, allows increased security of the servers you connect to through SSH. This feature forces any SSH connection made through a Secret Server Launcher to be proxied through your Secret Server web server.

    Proxing through Secret Server gives you two major benefits: The ability to enter just one IP address (your Secret Server IP) as an approved SSH connection for your servers and the opportunity for keystroke logging once an SSH session is initiated. This means that instead of including a number of your users’ client machine IP ranges, you can now specify your single Secret Server IP. Once sessions are initiated, you will also get enhanced session monitoring abilities through keystroke logs.

    Configuring proxying in Secret Server is simple:

    Specify your bind IP address, public host information, and port. Then create a banner to be displayed to users whenever they make an SSH connection through Secret Server. You have the option to provide a host private key or generate a new one.

    If you want, you can enable an Inactivity Timeout to control how long a proxied Launcher session can remain idle before the connection is automatically closed.

    SSHProxy

    Improved Session Monitoring

    Whether your SSH Launchers use proxying or not, Session Monitoring (covered in Part 1 of our Introducing Secret Server 8.5 series) is a feature that will help you keep track of (and optionally, terminate) your users’ launched sessions.

    SSHProxy

    However, proxying your SSH connections through Secret Server provides the added capability to record and then save or search through text from the SSH session.

    SSHProxy

    Launchers compatible with SSH Proxying

    The SSH Proxying feature applies to not only the PuTTY Launcher, but any custom Launchers you create, such as SecureCRT. Just select Proxied SSH Process as the Launcher type when configuring the custom Launcher in Secret Server.

    Don’t worry, our Secret Server 8.5 blog post series is not over yet! Next week we’ll be covering changes to PowerShell.

    Leave a reply →
  • Posted by Clara on April 11, 2014, 2:42 am

    Is/was Thycotic vulnerable to the Heartbleed bug that’s been making the news? I have the iOS version.

    Reply →
    • Posted by Thycotic Team on April 12, 2014, 5:38 pm
      in reply to Clara

      Hi Clara! Thanks for checking in. Fortunately, Thycotic’s services and products were never vulnerable to the Heartbleed OpenSSL bug. The full details are over on another blog post. Please let me know if anything is unclear, or if I can answer additional questions. ^KJ

      Reply →
  • Posted by Bruce on May 23, 2014, 7:16 pm

    Is SSH Proxying a Pro feature or is it included in the free version. I am using 8.5 and do not see an option for it under administration.

    Reply →

Leave a reply

Cancel reply