Phone Number +1-202-802-9399 (US)


Limit use of ssh session commands

Create a command allowlist to limit the types of commands allowed on unix systems.


Root accounts on unix systems are extremely powerful, allowing complete administrative control over the system. Additionally, Sudo or Su commands can be used, even by standard accounts, to gain elevated privileges on that system. It’s important to maintain control over the commands used on target unix based systems. More organizations are leveraging the power of unix systems for several tasks from development to data processing, and often these systems are heavily tied into critical and sensitive data.


Compromise of these systems could become catastrophic for organizations, and as such, it’s important to ensure local root accounts are discovered, protected, controlled, and managed. Additionally, it’s also important to continue your progress toward Least Privilege by ensuring that the use of powerful commands (such as Sudo or Su) are limited in use.


SSH Command Control allows your Security and IT leaders to establish an approved list of commands that each user is allowed to enter during an active SSH Session. If you want to allow users to access a Unix system, but do not want them to use the Sudo command, you can accomplish this with this add-on feature to Secret Server.

TRY IT FREE FOR 30 DAYS. It’s fast to install and easy to use!
Start your free trial of Secret Server using the trial form,
or view Secret Server’s full list of user-friendly features.

Additional Information

SSH Command Control is part of the Unix Protection add-on pack for Secret Server.

SSH Command Control provides an integrated Secret Server security solution that enables you to control and monitor the commands super users can run based on their role and required tasks.

  • Minimizes the use of privileged rights and enforces least privilege policies for superuser rights.
  • Replaces siloed sudo configuration files with an enterprise-ready, scalable security solution with audit capabilities.
  • Restricts commands based on defined policies and limited superuser permissions, reducing the risk of misuse, abuse or accidental error.
  • Provides complete management, monitoring, recording and secure single-sign-on for Secret Server privileged accounts.
  • Easily delegate and revoke privileged UNIX administration without having to manage sudo files or allow full root access.

If you like this feature, take a look at our SSH Key Management feature too >

Start Your 30-Day Free Trial

Secret Server full-featured solution

By completing this form you are opting into emails from Thycotic. You can unsubscribe at any time.

See comprehensive feature list