Introducing Secret Server 8.5 Pt. 4: SSH Proxy
Secret Server 8.5 adds a number of new features and functionality. These new features are pretty awesome, so we decided this release deserves a little extra showcasing. Check back each week through April to learn something new about 8.5 and how it will increase your team’s overall security and productivity. This week we take a look at using Secret Server as a proxy for your SSH Launchers. Enjoy!
Secret Server’s SSH Proxy feature, added in version 8.5, increases the security of the servers you connect to through SSH. It forces any SSH connection made through a Secret Server Launcher to be proxied through your Secret Server web server.
Proxying through Secret Server gives you two major benefits: the ability to enter just one IP address (your Secret Server IP) as an approved SSH connection for your servers, and the opportunity for keystroke logging once an SSH session is initiated. This means that instead of approving a number of your users’ client machine IP ranges, you can now specify your single Secret Server IP. Once sessions are initiated, you also get enhanced session monitoring abilities through keystroke logs.
Configuring proxying in Secret Server is simple:
Specify your bind IP address, public host information, and port. Then create a banner to be displayed to users whenever they make an SSH connection through Secret Server. You have the option to provide a host private key or generate a new one.
If you want, you can enable an Inactivity Timeout to control how long a proxied Launcher session can remain idle before the connection is automatically closed.
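Once the Secret Server IP is the only approved SSH source, any accepted login from another address means a session bypassed the proxy and its keystroke logging. The following check is an added example, not Thycotic code: it assumes the target servers run OpenSSH and log the usual "Accepted ... from ... port ..." lines, and `PROXY_IP` and the log lines are constructed placeholders.

```python
import ipaddress
import re

# Assumed address of the Secret Server web server (placeholder from a documentation range).
PROXY_IP = ipaddress.ip_address("192.0.2.10")

# OpenSSH successful-login line: auth method, user, source address.
ACCEPTED = re.compile(
    r"\bAccepted (?P<method>\S+) for (?P<user>\S+) from (?P<src>\S+) port \d+"
)

# Constructed sample lines in syslog format; not taken from a real host.
SAMPLE_LOG = """\
Apr 14 09:12:01 db01 sshd[2211]: Accepted password for root from 192.0.2.10 port 50122 ssh2
Apr 14 09:15:43 db01 sshd[2260]: Accepted publickey for deploy from 198.51.100.23 port 41876 ssh2
Apr 14 09:16:02 db01 sshd[2291]: Failed password for root from 203.0.113.5 port 60111 ssh2
Apr 14 09:20:17 db01 sshd[2304]: Accepted password for alice from ::ffff:192.0.2.10 port 50190 ssh2
Apr 14 09:31:55 db01 sshd[2350]: Accepted password for bob from 198.51.100.77 port 38822 ssh2
"""


def normalize(addr):
    """Parse an address, unwrapping IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(addr)
    mapped = getattr(ip, "ipv4_mapped", None)
    return mapped if mapped is not None else ip


def direct_logins(log_text, proxy_ip=PROXY_IP):
    """Return (user, source, method) for accepted logins that did not come from the proxy."""
    findings = []
    for line in log_text.splitlines():
        m = ACCEPTED.search(line)
        if not m:
            continue  # failed attempts and unrelated lines are out of scope here
        try:
            src = normalize(m.group("src"))
        except ValueError:
            src = m.group("src")  # hostname in the log: never equals the proxy IP, so reported
        if src != proxy_ip:
            findings.append((m.group("user"), str(src), m.group("method")))
    return findings


if __name__ == "__main__":
    for user, src, method in direct_logins(SAMPLE_LOG):
        print(f"direct SSH login: user={user} src={src} method={method}")
```

An empty result over a server's auth log is what the single-IP allow list should produce; any finding points to a firewall or `sshd` rule that still admits client ranges.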
Improved Session Monitoring
Whether your SSH Launchers use proxying or not, Session Monitoring (covered in Part 1 of our Introducing Secret Server 8.5 series) is a feature that will help you keep track of (and optionally, terminate) your users’ launched sessions.
However, proxying your SSH connections through Secret Server provides the added capability to record and then save or search through text from the SSH session.
Launchers compatible with SSH Proxying
The SSH Proxying feature applies not only to the PuTTY Launcher but also to any custom Launchers you create, such as SecureCRT. Just select Proxied SSH Process as the Launcher type when configuring the custom Launcher in Secret Server.
Don’t worry, our Secret Server 8.5 blog post series is not over yet! Next week we’ll be covering changes to PowerShell.
4 thoughts on “Introducing Secret Server 8.5 Pt. 4: SSH Proxy”
Is/was Thycotic vulnerable to the Heartbleed bug that’s been making the news? I have the iOS version.
Hi Clara! Thanks for checking in. Fortunately, Thycotic’s services and products were never vulnerable to the Heartbleed OpenSSL bug. The full details are over on another blog post. Please let me know if anything is unclear, or if I can answer additional questions. ^KJ
Is SSH Proxying a Pro feature or is it included in the free version? I am using 8.5 and do not see an option for it under administration.
Hi Bruce, thanks for the comment and I apologize for the delay! SSH Proxying is supported in our Professional edition and up. Are you using our free version? Thank you, Jordan