Add an SSH Server with a Customer-Managed Key
This feature is currently in closed-access beta. Functionality and documentation may change. Contact your Customer Success Manager for more information.
An SSH server is a combination of a specific SSH destination and the credentials to access it. This guide describes how to set up an SSH server with your own key in the Admin UI.
Before you begin, you must ensure that the server you are attempting to add is accessible from the strongDM relay or gateway. You must have a properly functioning relay up and running, and it must be able to reach the target server before you can proceed. Setting up a relay is out of the scope of this guide, but for more information, see Relays.
Generate the Key
First generate your key.
Note that if you use the AWS Secret Key Generator in Wizard mode to generate your key, this can cause issues due to the line breaks it inserts. We recommend that if you use this generator, you do so in plaintext.
Add a Server in the Admin UI
- Log in to the Admin UI and select Infrastructure > Servers.
- Click the add server button.
- On the Add Server dialog, set the following properties in order to configure how the strongDM relay will connect to the server via SSH:
  - Display Name (Required): Enter a meaningful name for this resource (e.g., 'testserver-01'). This name will show up in the Admin UI.
  - Server Type (Required): Select SSH (Customer Managed Key).
  - Hostname (Required): Enter the hostname or IP address to connect to (e.g., testserver-01.example.org). It is imperative that the relay server can connect to the entry that you choose for Hostname. To verify that it can connect, hop on the relay server, and from a command prompt, type $ ping <YOUR_HOSTNAME>. If your relay can connect to this hostname, you will be able to proceed.
  - Port (Required): Enter the port to connect to the resource (default: 22).
  - Port Override: After a resource is created, the port override is automatically generated. A value between 1024-59999 is assigned as long as it is not used by another resource. You can optionally overwrite it with your own preferred port later in the Port Overrides settings.
  - Secret Store: If a secret store integration is configured, select where the credentials for this resource will be stored.
  - Username (Required): Enter the username that the relay will use to connect to the Server via SSH (e.g.,
  - Private Key (Required): Paste in the key in either plaintext or Base64 encoding, or import the key.
  - Allow Port Forwarding (Optional): Select the checkbox to enable port forwarding. Once enabled, SSH connections proxied by strongDM for this Server will accept local forwarding requests.
  - Resource Tags (Optional): Assign tags to the Datasource by entering key-value pairs in the format
- Click create. After the server is created, the Admin UI updates and shows your new server in a yellow state, as it's not quite ready yet.
- Click the pencil icon next to the server to reopen the Connection Details dialog.
Add Your Key to Your Hosts
If you have not already, add your public key to the targeted host.
Open a command prompt on the server you are adding and edit the authorized keys file for the user specified during server setup.
$ sudo vi ~/.ssh/authorized_keys
Append the generated public key to the end of the file, save, and exit.
Back in the Admin UI, go to the Servers section and click the update button for the server you just added.
You should see that the server in the list goes to a gray mode while the configuration is being applied and then to a green mode to indicate a successful healthcheck.
If any errors occur, please copy them into an email and send them to email@example.com.
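The authorized_keys step above can also be scripted so the key is appended only once, is rejected if it contains line breaks or private-key material, and ends up with the permissions sshd's StrictModes check expects. This is an added example, not strongDM tooling: `install_pubkey`, its arguments and the list of accepted key types are assumptions of the example.

```shell
#!/usr/bin/env bash
# Added example (hypothetical helper, not part of strongDM).
# Usage: install_pubkey /home/<user>/.ssh/authorized_keys "$(cat <your_key>.pub)"

install_pubkey() {
    local auth_file="$1" pubkey="$2" ssh_dir nl='
'
    ssh_dir=$(dirname "$auth_file")

    # A public key is exactly one line: "<type> <base64> [comment]".
    # Refuse pasted text with line breaks, and refuse private keys outright.
    case $pubkey in
        *"$nl"*)         echo "refusing: key contains a line break" >&2; return 2 ;;
        *"PRIVATE KEY"*) echo "refusing: this is a private key" >&2; return 2 ;;
    esac
    # Key types accepted here are an assumption of this example.
    case $pubkey in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *) ;;
        *) echo "refusing: unrecognised key type" >&2; return 2 ;;
    esac

    # With StrictModes enabled, sshd ignores keys in files or directories
    # that other users can write to, so set owner-only permissions.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Idempotent: do nothing if this exact line is already installed.
    if grep -qxF -- "$pubkey" "$auth_file"; then
        echo "already present"
        return 0
    fi

    # If the file does not end with a newline, add one first so the new
    # key is not glued onto the previous entry.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        printf '\n' >> "$auth_file"
    fi
    printf '%s\n' "$pubkey" >> "$auth_file"
    echo "added"
}
```

Run it as the account named in the Username field so the file keeps that user's ownership.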