Custom Launcher for SecureCRT (SSH)

The following instructions describe how to set up a custom launcher using SecureCRT:

Step 1: Creating the Custom Launcher

  1. Log into Secret Server.

  2. Search for Secret Templates.

  3. Click the Launchers tab.

  4. Click the Create button. The New Launcher page appears.

  5. Click the Launcher Type dropdown list and select one of the following:

    • Process: use this type if you want to use secret credentials to connect directly to the remote host. This choice launches the process on the user's machine and replaces $ parameters with values from the secret and its associated secret.

    • Batch File: Not used for this task. Launches the indicated batch file on the user's machine. Allows the script to launch multiple processes using information from the server. Recommended only for advanced users.

    • Proxied SSH Process: If you have SSH proxy enabled, this type launches the specified SSH client on the user's machine. This prevents secret credentials from being passed to the client, by connecting to the Secret Server proxy to interact with the remote host. When the SSH proxy server is running, launched SSH sessions are proxied through the server.

    • Session Connector Launcher: Not used for this task. Allows for downloading and running an RDP file. This file is used to launch a Remote Desktop Server with protocol handler installed, making it unnecessary for end-user client machines to install anything. Recommended only for advanced users.

      Depending on what launcher type you chose, all the steps below may not apply. The steps are in the order they appear in the UI, so if you do not see the item mentioned in the interface, you can ignore it.

  6. For the sake of this example, choose the Proxied SSH process type.

  7. In the Launcher Name text box, type the name Secure CRT Proxied Process.

  8. Select the State checkbox to enable the launcher.

  9. Select the Use Additional Prompt checkbox to add another field to the prompt. A text box appears to type the name of the field. You can reference the value in the arguments with the $ prefix.

  10. Select the Track Multiple Windows checkbox to track child windows of the initial window.

  11. Type a comma-delimited list of the names of other processes that are not started or terminated by the launcher, that you want tracked, in the Record Additional Processes text box. For example, an X11 server.

  12. Select the Wrap custom parameters with quotation marks checkbox to prevent parameter injection in process argument fields. This means quotation marks are inserted around custom parameters prior to launch. For example: $USERNAME becomes "$USERNAME".

  13. Select the Preserve SSH Client Process checkbox to keep SSH client processes running after the launched process terminates. This is to support tabbed SSH clients and only applies to proxied SSH processes.

  14. Select the Use SFTP Tunneling with SSH Proxy checkbox to enable using multiple SFTP data connections. Many SFTP clients require this setting to be enabled.

  15. In the Windows Settings section, type the location and filename of the executable (C:\program files\acme software\clients\securecrt.exe) in the Process Name text box. The location must be on the client machine, i.e. the machine that will run the launcher.

    This step is a requirement for the SecureCRT launcher to work.

  16. Type the following custom command-line parameters in the Process Arguments text box:

    /ssh2 /AUTH keyboard-interactive /PASSWORD $PASSWORD /P $PORT /L $USERNAME $HOST

    See Custom Launcher Process Arguments for details.

  17. Click the Save button. The new launcher appears.

Step 2: Creating a Custom Secret Template (optional)

See Creating or Editing Secret Templates for details on creating a custom secret template.

Step 3: Associating the Launcher with a Secret Template

  1. Log into Secret Server.
  2. Search for Secret Templates. The Secret Templates page loads.
  3. Click the link for the desired template. That template's page appears.
  4. Click the Mapping tab.
  5. Click the Add Mapping button. A popup appears.
  6. In the Mapping Type dropdown list, select your custom launcher. The Host, Password, Port, and Username fields appear. For each field dropdown list, select the following:
    • Host: <user input>
    • Password: <blank>
    • Port: <use default>. The Default value field appears.
    • Default value: user's choice, pick an integer.
    • Username: select an available item.
  7. Click the Save button.

You can now launch SecureCRT whenever you use the launcher for secrets based off of this template.