Connect to SSH Servers

Last modified on October 4, 2023

There are three different ways to connect to SSH servers with StrongDM:

  • Use the CLI
  • Connect with ssh as an alias for sdm
  • Connect directly with ssh using the mapped port

Use the StrongDM Binary

Directly

You can connect to any accessible server by running sdm ssh <servername>. The command also attempts to complete <servername>, as long as what you type is a unique substring of a valid server name.

$ sdm status
     DATASOURCE NAME           STATUS            PORT      TYPE
     Customer DB RO            not connected     5432      postgres
     Document DB               not connected     27017     mongo

     SSH SERVER                STATUS            PORT      TYPE
     bastion01                 not connected     60672     ssh
     deployment04              not connected     60834     ssh
$ sdm ssh bas
Welcome to Ubuntu 16.04.2 LTS (GNU/Linux 4.4.0-1026-aws x86_64)
Last login: Thu Jun 14 16:12:48 2018 from 127.0.0.1
ubuntu@bastion01:~$

Make an alias

The easiest way to use SSH with StrongDM is to add the StrongDM aliases to your shell profile.

  • Type sdm ssh alias to get the required aliases; they map ssh and scp to use the StrongDM binary.

    $ sdm ssh alias
    # Run this in the command line, or add the following to $HOME/.bashrc
    alias ssh="/usr/local/bin/sdm ssh wrapped-run"
    alias scp="scp -S'/usr/local/bin/sdm' -osdmSCP"
    
  • Run the resulting lines at the prompt and/or add them to $HOME/.bashrc or the equivalent for your shell.

  • Start a new shell and test by connecting to an SSH server: ssh <servername>.

The aliases do not interfere with anything you have defined for plain SSH. The alias first checks StrongDM for a matching server and, if none exists, falls back to your standard SSH path.

Use the Mapped Port

Just like connecting to databases, you can connect directly to the mapped server ports using ssh.

  1. Open a connection to the server by clicking on its name in the desktop app, or via the sdm connect <SERVER_NAME> command. For example: sdm connect server01

  2. Note the port assigned to the server in the desktop app or listed under sdm status.

  3. Connect via the ssh localhost -p <PORT> command. For example: ssh localhost -p 14213
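
The three steps above as a shell function, an added example that is not part of StrongDM's documentation or tooling: it reads the port from sdm status instead of copying it by hand. sdm_ssh_port, sdm_ssh_mapped and SAMPLE_STATUS are hypothetical names, and the parser assumes the column layout shown in the sample output earlier on this page.

```shell
#!/bin/sh
# Added example: find the local port StrongDM mapped to an SSH server by
# parsing `sdm status`, then connect with plain ssh.
# Assumption: columns are separated by two or more spaces, as in the page's sample.

# Constructed test input, copied from the sample `sdm status` output on this page.
SAMPLE_STATUS='     DATASOURCE NAME           STATUS            PORT      TYPE
     Customer DB RO            not connected     5432      postgres
     Document DB               not connected     27017     mongo

     SSH SERVER                STATUS            PORT      TYPE
     bastion01                 not connected     60672     ssh
     deployment04              not connected     60834     ssh'

# sdm_ssh_port NAME: read `sdm status` output on stdin, print NAME's port.
# Returns 1 when NAME is not an exact match for an ssh row or the port is bad,
# so a typo never falls through to whatever else listens on localhost.
sdm_ssh_port() {
    awk -F'  +' -v want="$1" '
        { sub(/^ +/, "") }              # drop indentation; awk re-splits $0
        ($1 "") == want && $4 == "ssh" {  # exact string match, ssh rows only
            if ($3 ~ /^[0-9]+$/ && $3 >= 1 && $3 <= 65535) { print $3; ok = 1 }
            exit
        }
        END { exit ok ? 0 : 1 }
    '
}

# sdm_ssh_mapped NAME [ssh args...]: hypothetical wrapper, not an sdm command.
sdm_ssh_mapped() {
    name=$1; shift
    sdm connect "$name" || return 1
    port=$(sdm status | sdm_ssh_port "$name") || {
        echo "no mapped ssh port for '$name'" >&2
        return 1
    }
    ssh localhost -p "$port" "$@"
}
```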

Windows 10/11

Windows 10 and 11 come with OpenSSH installed by default, but the executable is not where sdm looks for it by default. In order to use sdm ssh commands, you must copy ssh.exe from C:\Windows\System32\OpenSSH\ssh.exe to C:\Users\<username>\AppData\Local\Microsoft\WindowsApps\ssh.exe.