Custom Launcher for SecureCRT (SSH)

The following instructions describe how to set up a custom launcher using SecureCRT:

Step 1: Creating the Custom Launcher

  1. Navigate to Administration > Core Actions > Secret Templates.

  2. Click the Launchers tab.

  3. Click the Create button. The New Launcher page appears.

  4. Click the Launcher Type dropdown list box and select one of the following:

    • Process: If you want to use secret credentials to connect directly to the remote host. This choice launches the process on the user's machine and replaces $ parameters with values from the Secret and its associated Secret.

    • Proxied SSH Process: If you have SSH Proxy enabled. Launches the specified SSH client on the user's machine. This prevents Secret credentials from being passed to the client by connecting to Secret Server's proxy to interact with the remote host. When the SSH Proxy Server is running, launched SSH sessions are proxied through the server.

    • Batch File: Not used for this task. Launches the indicated batch file on the user's machine. Allows the script to launch multiple processes using information from the server. Recommended only for advanced users.

    • Session Connector Launcher: Not used for this task. Allows for downloading and running an RDP file to launch into a Remote Desktop Server with protocol handler installed, so end-user client machines do not need to install anything. Recommended only for advanced users.

      Depending on what launcher type you chose, all the steps below may not apply. The steps are in the order they appear in the UI, so if you do not see the item mentioned in the instruction in the interface, you can simply ignore it.

  5. Type the name Secure CRT Proxied Process in the Launcher Name text box.

  6. Click to select the State check box to enable the launcher.

  7. Click to select the Use Additional Prompt check box to add another field to the prompt. A text box appears to type the name of the field. You can reference the value in the arguments with the $ prefix.

  8. Click to select the Track Multiple Windows check box to track child windows of the initial window.

  9. Click to select the Wrap custom parameters with quotation marks check box to prevent parameter injection in Process Arguments field. When selected, quotation marks are inserted around custom parameters prior to launch. For example: $USERNAME becomes "$USERNAME".

  10. Type a comma delimited list of the names of other processes that are not started or terminated by the launcher that you want tracked in the Record Additional Processes text box.

  11. Click to select the Preserve SSH Client Process check box to keep SSH client processes running after the launched process terminates. This is to support tabbed SSH clients and only applies to proxied SSH processes.

  12. Click to select the Use SFTP Tunneling with SSH Proxy check box to enable using multiple SFTP data connections. Many SFTP clients require that this is enabled.

  13. Type the location and filename of the executable (C:\program files\acme software\clients\securecrt.exe) in the Process Name text box in the Windows Settings section. The location must be on the client machine (the machine that will run the launcher).

  14. Type the following custom command-line parameters in the Process Arguments text box:

    /ssh2 /AUTH keyboard-interactive /PASSWORD $PASSWORD /P $PORT /L $USERNAME $HOST

    See Custom Launcher Process Arguments

  15. Click the Save button. The new launcher appears.

Step 2: Creating a Custom Secret Template (optional)

See Creating or Editing Secret Templates for details on creating a custom secret template.

Step 3: Associating the Launcher with a Secret Template

  1. Navigate to Administration > Secret Templates.
  2. Click the link for the desired template. That template's page appears.
  3. Click the Mapping tab.
  4. Click the Add Mapping button. A popup appears.
  5. Click the Mapping Type dropdown list to select your custom launcher. Domain, host, password, port, and username fields appear.
  6. Leave the Domain set to <blank>.
  7. Click the Host dropdown list to select Machine.
  8. Click the Password dropdown list to select Password.
  9. Click the Port dropdown list to select <use default>.
  10. Click the Username dropdown list to select Username.
  11. Click the Save button. You can now launch SecureCRT whenever you use the launcher for secrets based off of this template.