SSH setup
SSH is a secure shell that allows direct access to the command prompt. With the proper configuration, you can use SSH to connect to servers enrolled in Advanced Server Access by entering the command ssh <hostname>
Use ProxyCommand with Advanced Server Access
OpenSSH ProxyCommand is the recommended method of using SSH with Advanced Server Access. It requires configuring the local SSH client, which then lets you use normal SSH workflows with Advanced Server Access.
To configure the SSH client, run sft ssh-config
This command outputs an SSH configuration block. Append this block to your SSH configuration file (usually ~/.ssh/config). You can append the configuration to your file in one step by using the command sft ssh-config >> ~/.ssh/config
Now running sft login opens an Advanced Server Access session. This authorizes your SSH client to request credentials and query metadata from the Advanced Server Access server inventory.
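Running the one-step append more than once leaves duplicate blocks in ~/.ssh/config. The following is an added example, not code from the product or its documentation: a shell function that installs the block idempotently, keeps a backup, and keeps the file private to the user. The function name install_ssh_block and the marker comments are hypothetical, and the block to install is read from standard input.

```shell
# Added example, not Okta's code. The marker text and the function name are
# hypothetical; the block to install is read from standard input.
BEGIN_MARK='# >>> sft ssh-config (managed block) >>>'
END_MARK='# <<< sft ssh-config (managed block) <<<'

# Usage: sft ssh-config | install_ssh_block "$HOME/.ssh/config"
install_ssh_block() {
    cfg=$1
    dir=$(dirname "$cfg")

    # Read the whole block first: if the generating command printed nothing
    # (for example because it failed), leave the existing file untouched.
    block=$(cat)
    [ -n "$block" ] || { echo "empty block, $cfg not changed" >&2; return 1; }

    # OpenSSH expects the directory and config to be private to the user.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    [ -e "$cfg" ] || : > "$cfg"
    tmp=$(mktemp "$dir/config.XXXXXX") || return 1

    # Copy everything except a previously installed managed block.
    awk -v b="$BEGIN_MARK" -v e="$END_MARK" '
        $0 == b { skip = 1; next }
        $0 == e { skip = 0; next }
        !skip   { print }
    ' "$cfg" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Append the fresh block between the markers.
    printf '%s\n%s\n%s\n' "$BEGIN_MARK" "$block" "$END_MARK" >> "$tmp" ||
        { rm -f "$tmp"; return 1; }

    chmod 600 "$tmp" || { rm -f "$tmp"; return 1; }
    cp -p "$cfg" "$cfg.bak" || { rm -f "$tmp"; return 1; }  # keep the previous version
    mv "$tmp" "$cfg"                  # rename within one directory: atomic swap
}
```

Re-running the function moves the managed block to the end of the file, which is the same position the >> append gives it.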
Advanced Server Access may encounter issues when using ProxyCommand on Windows devices if the client is installed in a directory that includes a space in the name. This happens if the client was installed system-wide, or installed by a user with a space in their username.
To resolve this issue, edit the .ssh/config file to include the 8.3 formatted path where the client is installed. For example, if the client was installed at C:\Program Files (x86)\Scaleft\sft.exe, users would add C:\PROGRA~2\ScaleFT\sft.exe to the .ssh/config file. Users can identify the 8.3 directory name with the dir /x command.
Use sft ssh
In environments where OpenSSH ProxyCommand is not available, sft ssh can be used instead. This command can be helpful when testing new configurations in Advanced Server Access, since you can easily pass Advanced Server Access-specific arguments to it, such as --via
You connect to a server by running sft ssh <hostname>. For example, to connect to web0.example.com, you'd use the command sft ssh web0.example.com
You can see a list of available servers by running the command sft list-servers
Use Advanced Server Access with SSH bastions
There are many environments where you can't reach hosts directly, but instead must traverse through a bastion or gateway host. Advanced Server Access makes it easy and secure to use bastions.
Advanced Server Access transparently enables SSH best practices for traversing bastion hops securely. Every connection between your SSH client and the target host, including bastion connections, is end-to-end encrypted, mutually authenticated, and authorized with ephemeral client certificates.
You can add a bastion hop by passing the --via command line option to sft ssh. For example, to add bastion.example.com as a bastion hop to web0.example.com, you'd enter the command: sft ssh --via bastion.example.com web0.example.com
Bastions can be configured to be used consistently by configuring the agent on the target host. When a bastion is specified in an agent's sftd.yaml configuration file (for example, Bastion: bastion.example.com), the bastion will always be used when users connect to that server.
See Configure and use the Advanced Server Access agent.
For example, if you specify a bastion in the configuration file of the Advanced Server Access agent on web0.example.com, then the bastion will always be used when you use the command ssh web0.example.com