sdm admin servers add
Last modified on August 18, 2025
NAME:
sdm admin servers add - add one or more server
USAGE:
sdm admin servers add command [command options] [arguments...]
COMMANDS:
rawtcp create TCP server
rdp create RDP server
rdp-cert, rdpCert create RDP (Certificate Based) server
ssh create SSH (Public Key) server
ssh-cert, sshCert create SSH (Certificate Based) server
ssh-customer-key create SSH (Customer Managed Key) server
rawtcp
NAME:
sdm admin servers add rawtcp - create TCP server
USAGE:
sdm admin servers add rawtcp [command options] <name>
OPTIONS:
--bind-interface value bind interface (default: "127.0.0.1")
--egress-filter value apply filter to select egress nodes e.g. 'field:name tag:key=value ...'
--hostname value The traffic content is not recorded. (required)
--port value (default: 49150)
--port-override value port profile override (default: -1)
--proxy-cluster-id value proxy cluster id
--subdomain value This will be used as your local DNS address. (e.g. app-prod1 would turn into app-prod1.<your-org-name>.sdm.network)
--tags value tags e.g. 'key=value,...'
--template, -t display a JSON template
--timeout value set time limit for command
rdp
NAME:
sdm admin servers add rdp - create RDP server
USAGE:
sdm admin servers add rdp [command options] <name>
OPTIONS:
--bind-interface value bind interface (default: "127.0.0.1")
--downgrade-nla-connections Note: when downgraded, StrongDM cannot verify usernames and passwords for Remote Desktop connections
--egress-filter value apply filter to select egress nodes e.g. 'field:name tag:key=value ...'
--hostname value (required)
--lock-required Require a resource lock to access the resource to ensure it can only be used by one user at a time.
--password value (required, secret)
--port value (default: 3389)
--port-override value port profile override (default: -1)
--proxy-cluster-id value proxy cluster id
--secret-store-id value secret store id
--subdomain value This will be used as your local DNS address. (e.g. app-prod1 would turn into app-prod1.<your-org-name>.sdm.network)
--tags value tags e.g. 'key=value,...'
--template, -t display a JSON template
--timeout value set time limit for command
--username value (required, secret)
rdp-cert
NAME:
sdm admin servers add rdp-cert - create RDP (Certificate Based) server
USAGE:
sdm admin servers add rdp-cert [command options] <name>
OPTIONS:
--bind-interface value IP address on which to listen for connections to this resource on clients. Specify "default", "loopback", or "vnm" to automatically allocate an available address from the corresponding IP range configured in the organization. (default: "default")
--egress-filter value apply filter to select egress nodes e.g. 'field:name tag:key=value ...'
--hostname value (required)
--identity-alias-healthcheck-username value (conditional)
--identity-set-id value
--identity-set-name value set the identity set by name
--lock-required Require a resource lock to access the resource to ensure it can only be used by one user at a time.
--port value (default: 3389)
--port-override value Port on which to listen for connections to this resource on clients. Specify "-1" to automatically allocate an available port. (default: -1)
--proxy-cluster-id value proxy cluster id
--secret-store-id value secret store id
--sid value Windows Security Identifier (SID) of the configured Username, required for strong certificate mapping in full enforcement mode. (secret)
--subdomain value This will be used as your local DNS address. (e.g. app-prod1 would turn into app-prod1.<your-org-name>.sdm.network)
--tags value tags e.g. 'key=value,...'
--template, -t display a JSON template
--timeout value set time limit for command
--username value (conditional, secret)
ssh
NAME:
sdm admin servers add ssh - create SSH (Public Key) server
USAGE:
sdm admin servers add ssh [command options] <name>
OPTIONS:
--allow-deprecated-key-exchanges sdm must use TLS to connect
--bind-interface value bind interface (default: "127.0.0.1")
--egress-filter value apply filter to select egress nodes e.g. 'field:name tag:key=value ...'
--hostname value (required)
--key-type value
--port value (required) (default: 22)
--port-forwarding
--port-override value port profile override (default: -1)
--proxy-cluster-id value proxy cluster id
--secret-store-id value secret store id
--subdomain value This will be used as your local DNS address. (e.g. app-prod1 would turn into app-prod1.<your-org-name>.sdm.network)
--tags value tags e.g. 'key=value,...'
--template, -t display a JSON template
--timeout value set time limit for command
--username value (required, secret)
ssh-cert
NAME:
sdm admin servers add ssh-cert - create SSH (Certificate Based) server
USAGE:
sdm admin servers add ssh-cert [command options] <name>
OPTIONS:
--allow-deprecated-key-exchanges sdm must use TLS to connect
--bind-interface value bind interface (default: "127.0.0.1")
--egress-filter value apply filter to select egress nodes e.g. 'field:name tag:key=value ...'
--hostname value (required)
--identity-alias-healthcheck-username value (conditional)
--identity-set-id value
--identity-set-name value set the identity set by name
--key-type value
--port value (required) (default: 22)
--port-forwarding
--port-override value port profile override (default: -1)
--proxy-cluster-id value proxy cluster id
--secret-store-id value secret store id
--subdomain value This will be used as your local DNS address. (e.g. app-prod1 would turn into app-prod1.<your-org-name>.sdm.network)
--tags value tags e.g. 'key=value,...'
--template, -t display a JSON template
--timeout value set time limit for command
--username value (conditional, secret)
ssh-customer-key
NAME:
sdm admin servers add ssh-customer-key - create SSH (Customer Managed Key) server
USAGE:
sdm admin servers add ssh-customer-key [command options] <name>
OPTIONS:
--allow-deprecated-key-exchanges sdm must use TLS to connect
--bind-interface value bind interface (default: "127.0.0.1")
--egress-filter value apply filter to select egress nodes e.g. 'field:name tag:key=value ...'
--hostname value (required)
--identity-alias-healthcheck-username value (conditional)
--identity-set-id value
--identity-set-name value set the identity set by name
--port value (required) (default: 22)
--port-forwarding
--port-override value port profile override (default: -1)
--proxy-cluster-id value proxy cluster id
--private-key value The file path of the private key used to authenticate with the server. (required, secret)
--proxy-cluster-id value proxy cluster id
--secret-store-id value secret store id
--subdomain value This will be used as your local DNS address. (e.g. app-prod1 would turn into app-prod1.<your-org-name>.sdm.network)
--tags value tags e.g. 'key=value,...'
--template, -t display a JSON template
--timeout value set time limit for command
--username value (conditional, secret)