CLI tour

While this guide won't comprehensively cover each command available, it will give you a general idea of the flexibility and power available at your fingertips.

For a deep dive on each command, see the CLI Reference.

Before you begin, make sure that the sdm binary is usable from the command line. If you're on a Mac, the easiest way to do this is as follows:

After installing the sdm application, open a terminal prompt. From the command line, type the following:

sudo ln -s /Applications/SDM.app/Contents/Resources/sdm.darwin /usr/local/bin/sdm

This creates a symbolic link to the sdm command line application in /usr/local/bin, which is normally on your PATH. To verify that it's working properly, type the following:

$ sdm --version

This should output something similar to:

sdm-cli version 30.13.0 (d9b5d467efab6dcd2c35975c655167116fc7014e #13)

If instead, you see something like this:

-bash: sdm: command not found

It most likely means that the path /usr/local/bin/ is not included in your system search path. You'll have to edit whichever Bash Profile file your system is using. On a Mac, that is likely ~/.bash_profile. Open this file for editing, and then append this line to it: export PATH=/usr/local/bin/:$PATH.

Then, run this command before trying to check your sdm version once more:

$ source ~/.bash_profile

Linux users: After executing sdm install, you'll notice that strongDM has installed at /opt/strongdm and created a symlink to the sdm binary in /usr/local/bin.

That should have you up and going and able to use the command line effectively. Below are a few examples of the kinds of things you can do with the command line.

Login and logout

$ sdm login
e-mail: letmein@strongdm.com
Please complete logging in at: https://app.strongdm.com/auth/XXXXXXXXXX
authentication successful
$ sdm logout

If your organization uses SSO, it will redirect you to complete authentication via the web. The CLI will attempt to open the provided URL in your browser, or you can visit the URL directly.

Lock and unlock the client

If you have MFA enabled in your organization, you can manually lock and unlock the client from the command line.

$ sdm lock
locked
$ sdm unlock
awaiting confirmation...
unlocked

While the client is in the awaiting confirmation... state, you will receive an MFA push to complete the unlock process.

Check status of datasources and servers

$ sdm status
DATASOURCE NAME         STATUS          PORT    TYPE
! mysql 5.6.39          not connected   13311   mysql
!jsonb-test             not connected   15438   aurora-postgres
Cache01                 not connected   16379   redis
CacheM01                not connected   21211   memcached
Inventory DB (Heroku)   not connected   15434   postgres
Marketing DB RW         not connected   15435   postgres
MySQL 5.6               not connected   13310   mysql
Pricing DB RO           not connected   13306   mysql
Users Profile DB RO     not connected   15436   postgres
SERVER                  STATUS          PORT    TYPE
RDP prod server         not connected   13389   rdp
prod01 sudo             not connected   62609   ssh
prod02                  not connected   62524   ssh

Connect/disconnect

$ sdm connect Marketing
connect successful
$ sdm status
DATASOURCE NAME         STATUS          PORT    TYPE
! mysql 5.6.39          not connected   13311   mysql
!jsonb-test             not connected   15438   aurora-postgres
Cache01                 not connected   16379   redis
CacheM01                not connected   21211   memcached
Inventory DB (Heroku)   not connected   15434   postgres
Marketing DB RW         connected       15435   postgres
MySQL 5.6               not connected   13310   mysql
Pricing DB RO           not connected   13306   mysql
Users Profile DB RO     not connected   15436   postgres
SERVER                  STATUS          PORT    TYPE
RDP prod server         not connected   13389   rdp
prod01 sudo             not connected   62609   ssh
prod02                  not connected   62524   ssh
$ psql -h localhost -p 15435 -c 'select 42;'
?column?
----------
42
(1 row)
$ sdm disconnect Marketing
disconnect successful

Connect to SSH

As described in the SSH connection guide, there are several ways to connect to SSH servers. The easiest is to use the sdm ssh aliases. With this method, it is not necessary to run sdm connect before opening the SSH connection.

$ alias|grep sdm
scp='scp -S'\''/usr/local/bin/sdm'\'' -osdmSCP'
ssh='/usr/local/bin/sdm ssh wrapped-run'
$ ssh prod02
Last login: Wed Mar 13 14:23:01 2019 from ip-xx-xx-xx-xx.us-west-2.compute.internal
       __|  __|_  )
       _|  (     /   Amazon Linux 2 AMI
      ___|\___|___|
https://aws.amazon.com/amazon-linux-2/
[ops@ip-xx-xx-xx-xx ~]$ exit
logout
Connection to 127.0.0.1 closed.

This command is not available to Windows CLI users. To connect to SSH servers using Windows and the CLI, run sdm connect servername, then connect with your preferred SSH client to localhost:port.

## The sdm directory

By default, logs are written to ~/.sdm/sdm.log for both clients and relays.

You will also notice several authentication-related files in this directory. The *.key files serve as the private keys which authenticate you and your machine.
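Because the *.key files in this directory are private keys, it is worth checking who can read them. The following is an added example, not part of the strongDM documentation or tooling: a shell function that flags the sdm directory or any *.key file in it that is a symlink, is owned by another account, or grants any permission to group or other users. The owner-only policy and the names perm_of, owner_of and audit_sdm_dir are assumptions of this example.

```sh
#!/bin/sh
# Added example, not strongDM tooling. Assumed policy: the sdm directory and
# its *.key files belong to the current user and grant nothing to group/other.

# Octal mode of a path: GNU stat first, BSD/macOS stat as the fallback.
perm_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# Numeric owner of a path, same fallback order.
owner_of() { stat -c '%u' "$1" 2>/dev/null || stat -f '%u' "$1"; }

# Print one finding per line for the directory in $1 (default: ~/.sdm).
audit_sdm_dir() {
    dir=${1:-"$HOME/.sdm"}
    if [ ! -d "$dir" ]; then
        echo "MISSING $dir"
        return 0
    fi
    me=$(id -u)
    for f in "$dir" "$dir"/*.key; do
        if [ -L "$f" ]; then
            # Flag links for manual review rather than following them.
            echo "SYMLINK $f"
            continue
        fi
        [ -e "$f" ] || continue          # glob matched nothing
        p=$(perm_of "$f")
        o=$(owner_of "$f")
        if [ "$o" != "$me" ]; then
            echo "OWNER $o $f"
        fi
        # Leading 0 makes the shell read the mode as octal; 077 = group+other bits.
        if [ $(( 0$p & 077 )) -ne 0 ]; then
            echo "LOOSE $p $f"
        fi
    done
    return 0
}

audit_sdm_dir "$@"
```

Run it with no argument to audit ~/.sdm, or pass another directory path; no output means nothing was flagged.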

For detailed information about the CLI and its usage, see the CLI Reference.
