
Add an SSH Server with a Customer-Managed Key

An SSH server is a combination of a specific SSH destination and the credentials to access it. This guide describes how to set up an SSH Server with your own key in the Admin UI.

Prerequisites

Before you begin, ensure that the server you are attempting to add is accessible from the strongDM relay or gateway. You must have a properly functioning relay up and running, and it must be able to reach the target server before you can proceed. Setting up a relay is out of the scope of this guide, but for more information, see Relays.

Steps

Generate the Key

First generate your key.

Note that using the AWS Secret Key Generator in Wizard mode to generate your key can cause issues because of the line breaks it inserts. If you use this generator, we recommend that you do so in plaintext.

Add a server in the Admin UI

  1. Log in to the Admin UI and go to Infrastructure > Servers.

  2. Click the Add server button.

  3. On the Add Server dialog, set the following properties in order to configure how the strongDM relay connects to the server via SSH:

    SSH (Customer Managed Key) Server Dialog
    1. Display Name (Required): Enter a meaningful name for this resource, such as testserver-01. This name is shown in the Admin UI.
    2. Server Type (Required): Select SSH (Customer Managed Key).
    3. Hostname (Required): Enter the hostname or IP address to which to connect, such as testserver-01.example.org. The relay server must be able to connect to the entry that you choose for Hostname. To verify that it can connect, log in to the relay server, and from a command prompt, type $ ping <YOUR_HOSTNAME>. If your relay can connect to this hostname, you can proceed.
    4. Port (Required): Enter the port to connect to the resource (default: 22).
    5. Port Override: After a resource is created, the port override is automatically generated. A value between 1024-59999 is assigned as long as it is not used by another resource. You can optionally overwrite it with your own preferred port later in the Port Overrides settings.
    6. Secret Store: If a Secret Store integration is configured, select where the credentials for this resource are stored.
    7. Username (Required): Enter the username, such as bob.belcher, that the relay uses to connect to the server via SSH.
    8. Private Key (Required): Paste in the key in either plaintext or Base64 encoding, or import the key.
    9. Allow Port Forwarding (Optional): Select the checkbox to enable port forwarding. Once enabled, SSH connections proxied by strongDM for this server accept local forwarding requests.
    10. Resource Tags (Optional): Assign tags to the resource by entering key-value pairs in the format <KEY>=<VALUE>, such as env=dev.
  4. Click create. After the server is created, the Admin UI updates, showing your server in a pending yellow state.

  5. Click the pencil icon next to the server to reopen the Connection Details dialog.

Add your key to your hosts

If you have not already, add your public key to the targeted host.

  1. Open a command prompt on the server you are adding and edit the authorized keys file for the user specified during server setup.

    sudo vi ~/.ssh/authorized_keys
  2. Append the generated public key to the end of the file, save, and exit.

  3. Back in the Admin UI, go to the Servers section and click the update button for the server you just added.

You should see that the server in the list goes to a gray mode while the configuration is being applied and then to a green mode to indicate a successful healthcheck.

If any errors occur, please copy them into an email and send them to support@strongdm.com.
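
A careful way to carry out steps 1 and 2 above, shown as an added example that is not strongDM's own code: it rejects a public key that has been wrapped across lines (the same kind of line-break damage noted under Generate the Key), sets the permissions sshd expects, and appends the key only once. The function name install_pubkey, its arguments, and the return codes are hypothetical.

```shell
#!/bin/sh
# Added example (not from the strongDM docs).
# install_pubkey PUBKEY_FILE HOME_DIR
#   PUBKEY_FILE: file holding the generated public key (hypothetical path)
#   HOME_DIR:    home directory of the Username entered in the Admin UI
# Run it as that user so the files end up owned by the account sshd checks.
# Returns 0 on success, 1 on I/O error, 2 if the key is not exactly one
# line, 3 if the line does not start with a known public key type.
install_pubkey() {
    pubkey_file=$1
    home_dir=$2
    ssh_dir=$home_dir/.ssh
    auth_file=$ssh_dir/authorized_keys

    # A public key is a single line. A wrapped or multi-line paste is
    # rejected before it can corrupt authorized_keys.
    lines=$(grep -c . "$pubkey_file") || return 2
    [ "$lines" -eq 1 ] || return 2
    key=$(grep . "$pubkey_file")

    # Accept common OpenSSH public key types only; this also stops a
    # private key file from being installed by mistake.
    case $key in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-nistp*\ *) ;;
        *) return 3 ;;
    esac

    # With StrictModes, sshd refuses keys kept in group- or world-writable
    # locations, so tighten permissions before adding the key.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # If the existing file lacks a trailing newline, add one so the new
    # key does not get glued onto the previous entry.
    if [ -n "$(tail -c 1 "$auth_file")" ]; then
        echo >> "$auth_file" || return 1
    fi

    # Append only if this exact line is not already present.
    if ! grep -qxF -- "$key" "$auth_file"; then
        printf '%s\n' "$key" >> "$auth_file" || return 1
    fi
    return 0
}
```

Called as the target user, for example `install_pubkey ./relay_key.pub "$HOME"`, it can be re-run safely because an already installed key is not appended again.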
