CLI Tour
This article provides an overview of the command line interface (CLI) utility. Specifically, it covers how to test the client's configuration and some commonly used CLI commands. Although it won't comprehensively cover each command available, it will give you a general idea of the flexibility and power available at your fingertips from the CLI.
For a deep dive on each command, see the CLI Reference.
Client Configuration Confirmation
As a reminder, to verify the client is working, type the following:
sdm --version
This should output something similar to the following:
sdm-cli version 30.13.0 (d9b5d467efab6dcd2c35975c655167116fc7014e #13)
If the output does not look like this, revisit the installation guide for the operating system your local machine uses (i.e., Linux, macOS, or Windows) for details on installation and setup.
Note that when using the sdm admin commands, the --certificate-authority value that is required in many places is a file path, not a Base64 encoded certificate.
Login and Logout
Example:
$ sdm login
e-mail: letmein@strongdm.com
Please complete logging in at: https://app.strongdm.com/auth/XXXXXXXXXX
authentication successful
$ sdm logout
If your organization uses SSO, it will redirect you to complete authentication via the web. The CLI will attempt to open the provided URL in your browser, or you can visit the URL directly.
Lock and Unlock the Client
If you have MFA enabled in your organization, you can manually lock and unlock the client from the command line.
Example:
$ sdm lock
locked
$ sdm unlock
awaiting confirmation...
unlocked
While the client is in the awaiting confirmation... state, you will receive an MFA push to complete the unlock process.
Check the Status of Datasources and Servers
Example:
$ sdm status
DATASOURCE NAME           STATUS           PORT     TYPE
! mysql 5.6.39            not connected    13311    mysql
!jsonb-test               not connected    15438    aurora-postgres
Cache01                   not connected    16379    redis
CacheM01                  not connected    21211    memcached
Inventory DB (Heroku)     not connected    15434    postgres
Marketing DB RW           not connected    15435    postgres
MySQL 5.6                 not connected    13310    mysql
Pricing DB RO             not connected    13306    mysql
Users Profile DB RO       not connected    15436    postgres

SERVER                    STATUS           PORT     TYPE
RDP prod server           not connected    13389    rdp
prod01 sudo               not connected    62609    ssh
prod02                    not connected    62524    ssh
Connect/disconnect
Example:
$ sdm connect Marketing
connect successful
$ sdm status
DATASOURCE NAME           STATUS           PORT     TYPE
! mysql 5.6.39            not connected    13311    mysql
!jsonb-test               not connected    15438    aurora-postgres
Cache01                   not connected    16379    redis
CacheM01                  not connected    21211    memcached
Inventory DB (Heroku)     not connected    15434    postgres
Marketing DB RW           connected        15435    postgres
MySQL 5.6                 not connected    13310    mysql
Pricing DB RO             not connected    13306    mysql
Users Profile DB RO       not connected    15436    postgres

SERVER                    STATUS           PORT     TYPE
RDP prod server           not connected    13389    rdp
prod01 sudo               not connected    62609    ssh
prod02                    not connected    62524    ssh
$ psql -h localhost -p 15435 -c 'select 42;'
 ?column?
----------
       42
(1 row)
$ sdm disconnect Marketing
disconnect successful
Connect to SSH
As described in the SSH connection guide, there are several ways to connect to SSH servers. The easiest is to use the sdm ssh aliases. With this method, it is not necessary to run sdm connect before opening the SSH connection.
Example:
$ alias|grep sdm
scp='scp -S'\''/usr/local/bin/sdm'\'' -osdmSCP'
ssh='/usr/local/bin/sdm ssh wrapped-run'
$ ssh prod02
Last login: Wed Mar 13 14:23:01 2019 from ip-xx-xx-xx-xx.us-west-2.compute.internal

       __|  __|_  )
       _|  (     /   Amazon Linux 2 AMI
      ___|\___|___|

https://aws.amazon.com/amazon-linux-2/
[ops@ip-xx-xx-xx-xx ~]$ exit
logout
Connection to 127.0.0.1 closed.
This command is not available to Windows CLI users. To connect to SSH servers using Windows and the CLI, run sdm connect servername, then connect with your preferred ssh client to localhost:port.
Export User Activity Logs
In order to export user activity logs, run the following command: sdm audit activities --from YYYY-MM-DD
Example:
sdm audit activities --from 2021-03-12
The date field is the start date for the logs you're retrieving. By default, the results are in CSV format. If you want to change the output to JSON, you may add the -j flag.
Example:
sdm audit activities -j --from 2021-03-12
The default output is stdout; however, if you want the output to go to a file, you may use the -o flag. When using the -o flag, note that the flag must be the last flag invoked, followed by the name of the file you wish to create. Run the command from the directory where you want the file saved.
Example:
sdm audit activities --from 2021-03-12 -o example_logs_file.txt
The sdm Directory
By default, logs are written to ~/.sdm/sdm.log for both Clients and Relays.
You will also notice several authentication-related files in this directory. The *.key files serve as the private keys which authenticate you and your machine.
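Because the *.key files are private keys, their file modes are worth checking. The shell functions below are an added example, not part of strongDM's documentation or tooling; the policy they enforce (keys accessible by the owner only, directory not writable by group or others) and the function names are assumptions.

```shell
#!/bin/sh
# Added example: audit the modes of the sdm directory and its *.key files.
# Assumed policy (not from the strongDM docs): private keys are accessible by
# their owner only, and the directory is not writable by group or others.

# Print each *.key file under $1 that grants any access to group or others.
loose_keys() {
    find "$1" -type f -name '*.key' \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Succeed when directory $1 itself is writable by group or others.
dir_writable_by_others() {
    [ -n "$(find "$1" -prune -type d \( -perm -020 -o -perm -002 \) -print)" ]
}

# Audit one sdm directory.
# Returns 0 when clean, 1 when a finding was printed, 2 when $1 is missing.
audit_sdm_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "missing: $dir" >&2; return 2; }
    found=0
    if dir_writable_by_others "$dir"; then
        echo "LOOSE DIR  $dir (fix: chmod go-w \"$dir\")"
        found=1
    fi
    keys=$(loose_keys "$dir")
    if [ -n "$keys" ]; then
        printf '%s\n' "$keys" | while IFS= read -r f; do
            echo "LOOSE KEY  $f (fix: chmod 600 \"$f\")"
        done
        found=1
    fi
    return "$found"
}

# Check the default location named on this page, if it exists on this machine.
if [ -d "${HOME:-}/.sdm" ]; then
    audit_sdm_dir "${HOME:-}/.sdm" || echo "review the findings above"
fi
```
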
For detailed information about the CLI and its usage, see the CLI Reference.
If you encounter any errors, please contact support@strongdm.com for assistance.