+1-202-802-9399 U.S. Headquarters

Thycotic’s CyberSecurity Publication


Introducing Secret Server 8.5 Pt. 4: SSH Proxy

April 10th, 2014



Secret Server 8.5 adds a number of new features and functionality. These new features are pretty awesome, so we decided this release deserves a little extra showcasing. Check back each week through April to learn something new about 8.5 and how it will increase your team’s overall security and productivity. This week we take a look at using Secret Server as a proxy for your SSH Launchers. Enjoy!

Secret Server’s SSH Proxy feature, added with version 8.5, allows increased security of the servers you connect to through SSH. This feature forces any SSH connection made through a Secret Server Launcher to be proxied through your Secret Server web server.

Proxing through Secret Server gives you two major benefits: The ability to enter just one IP address (your Secret Server IP) as an approved SSH connection for your servers and the opportunity for keystroke logging once an SSH session is initiated. This means that instead of including a number of your users’ client machine IP ranges, you can now specify your single Secret Server IP. Once sessions are initiated, you will also get enhanced session monitoring abilities through keystroke logs.

Configuring proxying in Secret Server is simple:

Specify your bind IP address, public host information, and port. Then create a banner to be displayed to users whenever they make an SSH connection through Secret Server. You have the option to provide a host private key or generate a new one.

If you want, you can enable an Inactivity Timeout to control how long a proxied Launcher session can remain idle before the connection is automatically closed.

SSH Proxy Configuration

Improved Session Monitoring

Whether your SSH Launchers use proxying or not, Session Monitoring (covered in Part 1 of our Introducing Secret Server 8.5 series) is a feature that will help you keep track of (and optionally, terminate) your users’ launched sessions.

SSH Proxy

However, proxying your SSH connections through Secret Server provides the added capability to record and then save or search through text from the SSH session.

SSH Session Data

Launchers compatible with SSH Proxying

The SSH Proxying feature applies to not only the PuTTY Launcher, but any custom Launchers you create, such as SecureCRT. Just select Proxied SSH Process as the Launcher type when configuring the custom Launcher in Secret Server.

Don’t worry, our Secret Server 8.5 blog post series is not over yet! Next week we’ll be covering changes to PowerShell.

The following two tabs change content below.
We deploy smart, reliable, IT security solutions that empower companies to control and monitor privileged account credentials and identities.

4 thoughts on “Introducing Secret Server 8.5 Pt. 4: SSH Proxy”

  1. Is/was Thycotic vulnerable to the Heartbleed bug that’s been making the news? I have the iOS version.

    Comment by Clara on April 11, 2014 at 2:42 am

  2. Hi Clara! Thanks for checking in. Fortunately, Thycotic’s services and products were never vulnerable to the Heartbleed OpenSSL bug. The full details are over on another blog post. Please let me know if anything is unclear, or if I can answer additional questions. ^KJ

    Comment by Thycotic Team on April 12, 2014 at 5:38 pm

  3. Is SSH Proxying a Pro feature or is it included in the free version. I am using 8.5 and do not see an option for it under administration.

    Comment by Bruce on May 23, 2014 at 7:16 pm

  4. Hi Bruce, thanks for the comment and I apologize for the delay! SSH Proxying is supported in our Professional edition and up. Are you using our free version? Thank you, Jordan

    Comment by Jordan True on July 31, 2015 at 2:03 pm

Leave a Reply