Add an SSH Server with Username/Password Auth

Last modified on December 17, 2024

StrongDM network device management allows your organization to modernize and secure privileged access to your network in on-premises environments. Users managed within StrongDM or through your identity provider can be granted access to network devices such as routers, switches, and other physical hardware devices. Any device that can be connected to via SSH and that typically requires a username and password or a certificate can be managed in this way. Managing access to these devices with StrongDM lets you give users access when they need it, easily revoke unnecessary access, and audit actions along the way. These tools, combined with security best practices, can help improve security by preventing users from using unsecured local account credentials to access network infrastructure. This article describes how to set up network device management.

  • Least Privilege: For network devices, least privilege can be accomplished by setting up multiple instances of the device as StrongDM resources. Each resource would connect using a different set of credentials with different permissions granted to it.
  • Just-in-Time Access: StrongDM users can use any access workflows you set up to request access to your network devices. This gives you the choice between granting Just-in-Time (JIT) access on request and providing standing access to particular users or roles within your StrongDM organization. For more details, see the Access Workflows section.
  • Context-Based Policy: StrongDM policies that restrict or enable users’ ability to connect to network devices based on their context can be used to limit availability of your devices to users in particular geographic locations or with good device trust scores. Policies can also be used to provide an MFA challenge prior to connection, and can help address many more use cases. For more details, see the Policies section.

Prerequisites

  • Admin permission level for your StrongDM user
  • Access credentials for the network device in question

Configuration

Follow the SSH resource configuration guide that corresponds with the type of authentication that you use to access your network device.

Logs

For logs of access to the resource in the Admin UI:

  • Activities will provide authentication records for the resource.
  • Queries will provide all of the queries run by users.
  • SSH will provide SSH replays of user sessions.

CLI Usage

For instructions on how to interact with the configured resource from the command line, users should see the Connect to SSH Servers guide.
