sdm admin servers add

Last modified on August 18, 2025

NAME:
   sdm admin servers add - add one or more server

USAGE:
   sdm admin servers add command [command options] [arguments...]

COMMANDS:
   rawtcp                                         create TCP server
   rdp                                            create RDP server
   rdp-cert, rdpCert                              create RDP (Certificate Based) server
   ssh                                            create SSH (Public Key) server
   ssh-cert, sshCert                              create SSH (Certificate Based) server
   ssh-customer-key                               create SSH (Customer Managed Key) server

rawtcp

NAME:
   sdm admin servers add rawtcp - create TCP server

USAGE:
   sdm admin servers add rawtcp [command options] <name>

OPTIONS:
   --bind-interface value    bind interface (default: "127.0.0.1")
   --egress-filter value     apply filter to select egress nodes e.g. 'field:name tag:key=value ...'
   --hostname value          The traffic content is not recorded. (required)
   --port value              (default: 49150)
   --port-override value     port profile override (default: -1)
   --proxy-cluster-id value  proxy cluster id
   --subdomain value         This will be used as your local DNS address. (e.g. app-prod1 would turn into app-prod1.<your-org-name>.sdm.network)
   --tags value              tags e.g. 'key=value,...'
   --template, -t            display a JSON template
   --timeout value           set time limit for command

rdp

NAME:
   sdm admin servers add rdp - create RDP server

USAGE:
   sdm admin servers add rdp [command options] <name>

OPTIONS:
   --bind-interface value       bind interface (default: "127.0.0.1")
   --downgrade-nla-connections  Note: when downgraded, StrongDM cannot verify usernames and passwords for Remote Desktop connections
   --egress-filter value        apply filter to select egress nodes e.g. 'field:name tag:key=value ...'
   --hostname value             (required)
   --lock-required              Require a resource lock to access the resource to ensure it can only be used by one user at a time.
   --password value             (required, secret)
   --port value                 (default: 3389)
   --port-override value        port profile override (default: -1)
   --proxy-cluster-id value     proxy cluster id
   --secret-store-id value      secret store id
   --subdomain value            This will be used as your local DNS address. (e.g. app-prod1 would turn into app-prod1.<your-org-name>.sdm.network)
   --tags value                 tags e.g. 'key=value,...'
   --template, -t               display a JSON template
   --timeout value              set time limit for command
   --username value             (required, secret)

rdp-cert

NAME:
   sdm admin servers add rdp-cert - create RDP (Certificate Based) server

USAGE:
   sdm admin servers add rdp-cert [command options] <name>

OPTIONS:
   --bind-interface value                       IP address on which to listen for connections to this resource on clients. Specify "default", "loopback", or "vnm" to automatically allocate an available address from the corresponding IP range configured in the organization. (default: "default")
   --egress-filter value                        apply filter to select egress nodes e.g. 'field:name tag:key=value ...'
   --hostname value                             (required)
   --identity-alias-healthcheck-username value  (conditional)
   --identity-set-id value                      
   --identity-set-name value                    set the identity set by name
   --lock-required                              Require a resource lock to access the resource to ensure it can only be used by one user at a time.
   --port value                                 (default: 3389)
   --port-override value                        Port on which to listen for connections to this resource on clients. Specify "-1" to automatically allocate an available port. (default: -1)
   --proxy-cluster-id value                     proxy cluster id
   --secret-store-id value                      secret store id
   --sid value                                  Windows Security Identifier (SID) of the configured Username, required for strong certificate mapping in full enforcement mode. (secret)
   --subdomain value                            This will be used as your local DNS address. (e.g. app-prod1 would turn into app-prod1.<your-org-name>.sdm.network)
   --tags value                                 tags e.g. 'key=value,...'
   --template, -t                               display a JSON template
   --timeout value                              set time limit for command
   --username value                             (conditional, secret)

ssh

NAME:
   sdm admin servers add ssh - create SSH (Public Key) server

USAGE:
   sdm admin servers add ssh [command options] <name>

OPTIONS:
   --allow-deprecated-key-exchanges  sdm must use TLS to connect
   --bind-interface value            bind interface (default: "127.0.0.1")
   --egress-filter value             apply filter to select egress nodes e.g. 'field:name tag:key=value ...'
   --hostname value                  (required)
   --key-type value                  
   --port value                      (required) (default: 22)
   --port-forwarding                 
   --port-override value             port profile override (default: -1)
   --proxy-cluster-id value          proxy cluster id
   --secret-store-id value           secret store id
   --subdomain value                 This will be used as your local DNS address. (e.g. app-prod1 would turn into app-prod1.<your-org-name>.sdm.network)
   --tags value                      tags e.g. 'key=value,...'
   --template, -t                    display a JSON template
   --timeout value                   set time limit for command
   --username value                  (required, secret)

ssh-cert

NAME:
   sdm admin servers add ssh-cert - create SSH (Certificate Based) server

USAGE:
   sdm admin servers add ssh-cert [command options] <name>

OPTIONS:
   --allow-deprecated-key-exchanges             sdm must use TLS to connect
   --bind-interface value                       bind interface (default: "127.0.0.1")
   --egress-filter value                        apply filter to select egress nodes e.g. 'field:name tag:key=value ...'
   --hostname value                             (required)
   --identity-alias-healthcheck-username value  (conditional)
   --identity-set-id value                      
   --identity-set-name value                    set the identity set by name
   --key-type value                             
   --port value                                 (required) (default: 22)
   --port-forwarding                            
   --port-override value                        port profile override (default: -1)
   --proxy-cluster-id value                     proxy cluster id
   --secret-store-id value                      secret store id
   --subdomain value                            This will be used as your local DNS address. (e.g. app-prod1 would turn into app-prod1.<your-org-name>.sdm.network)
   --tags value                                 tags e.g. 'key=value,...'
   --template, -t                               display a JSON template
   --timeout value                              set time limit for command
   --username value                             (conditional, secret)

ssh-customer-key

NAME:
   sdm admin servers add ssh-customer-key - create SSH (Customer Managed Key) server

USAGE:
   sdm admin servers add ssh-customer-key [command options] <name>

OPTIONS:
   --allow-deprecated-key-exchanges             sdm must use TLS to connect
   --bind-interface value                       bind interface (default: "127.0.0.1")
   --egress-filter value                        apply filter to select egress nodes e.g. 'field:name tag:key=value ...'
   --hostname value                             (required)
   --identity-alias-healthcheck-username value  (conditional)
   --identity-set-id value                      
   --identity-set-name value                    set the identity set by name
   --port value                                 (required) (default: 22)
   --port-forwarding                            
   --port-override value                        port profile override (default: -1)
   --proxy-cluster-id value                     proxy cluster id
   --private-key value                          The file path of the private key used to authenticate with the server. (required, secret)
   --proxy-cluster-id value                     proxy cluster id
   --secret-store-id value                      secret store id
   --subdomain value                            This will be used as your local DNS address. (e.g. app-prod1 would turn into app-prod1.<your-org-name>.sdm.network)
   --tags value                                 tags e.g. 'key=value,...'
   --template, -t                               display a JSON template
   --timeout value                              set time limit for command
   --username value                             (conditional, secret)
Top