SSH Command Menus
Secret Server supports privilege management and command restrictions for UNIX and other platforms with SSH interfaces. Privilege management is an additional layer of access control that can be applied to secrets with SSH Launchers over SSH Proxy; because the proxy enforces it, it only applies to sessions launched through the proxy. Privilege management lets you grant a user access to a machine as root, an administrator, or another privileged account while restricting which commands that user may run on it.
With command menus, you configure the predefined commands that users or groups can run when connecting as a privileged account. A command menu is a list of command names mapped to system commands. Each entry is a name and a command separated by an equals sign.
For example: restart_apache = /usr/sbin/service apache restart
You may also use parameters in commands, written as $name, so users can execute more complex commands. The user supplies a value for each parameter when running the command.
For example: move_file = /bin/mv $src $dst
To reference an environment variable, escape the dollar sign by doubling it. A doubled dollar sign ($$) is passed through as a literal $ for the target shell to expand, rather than being treated as a parameter placeholder.
For example: go_home = cd $$HOME
Command restrictions currently do NOT support complex commands, such as multiple commands on one line, piping, or output redirection. To provide such functionality, add a script with those capabilities to the target system and map a command name to that script. Because the script runs with the privileges of the connecting account, it should validate its own arguments rather than passing them to a shell unchecked.
Commands may NOT be named as numbers or as one of the following predefined commands:
- ..
- up
- -help
- ?
- -more
- logout
- exit
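The following is an added example, not Secret Server's own code: a small linter for command-menu entries that applies the rules described above (name = command, $name parameters, $$ for a literal dollar sign, rejection of numeric and reserved names, no piping, redirection or chained commands). It is useful for checking a menu before loading it into the product. The function names and the sample menu are constructed for this example, and the way parameter values are substituted is an assumption: this version shell-quotes every user-supplied value so it can only ever reach the mapped command as an argument, never as shell syntax.

```python
"""Parser and expander for SSH command-menu entries (added example, not product code)."""
import re
import shlex

# Names reserved by the documentation; purely numeric names are rejected separately.
RESERVED_NAMES = {"..", "up", "-help", "?", "-more", "logout", "exit"}

# Shell syntax the proxy does not support in a mapped command. Put such logic
# in a script on the target system and map the script instead.
UNSUPPORTED_TOKENS = ("|", ";", "&&", "||", ">", "<", "`", "$(")

# "$$" is an escaped dollar sign; "$name" is a parameter the user fills in.
TOKEN_RE = re.compile(r"\$\$|\$([A-Za-z_][A-Za-z0-9_]*)")


class MenuError(ValueError):
    """Raised for an entry the command-menu format does not allow."""


def parse_menu(text):
    """Parse 'name = command' lines into a dict, rejecting invalid entries."""
    menu = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "=" not in line:
            raise MenuError(f"line {lineno}: expected 'name = command'")
        name, command = (part.strip() for part in line.split("=", 1))
        if not name or not command:
            raise MenuError(f"line {lineno}: empty name or command")
        if name.isdigit() or name in RESERVED_NAMES:
            raise MenuError(f"line {lineno}: {name!r} is a number or a reserved name")
        if any(tok in command for tok in UNSUPPORTED_TOKENS):
            raise MenuError(f"line {lineno}: {name!r} uses piping, redirection or "
                            "multiple commands; map a wrapper script instead")
        if name in menu:
            raise MenuError(f"line {lineno}: duplicate name {name!r}")
        menu[name] = command
    return menu


def parameters(command):
    """Parameter names ($src, $dst, ...) the user must supply; $$ is not one."""
    return [m.group(1) for m in TOKEN_RE.finditer(command) if m.group(1)]


def expand(command, args):
    """Substitute parameter values and unescape $$ in a single pass.

    Values are shell-quoted (an assumption about how a proxy should treat
    them), so input such as "x; rm -rf /" stays one argument to the mapped
    command instead of becoming shell syntax.
    """
    def repl(match):
        if match.group(1) is None:       # "$$" -> literal "$" for the target shell
            return "$"
        name = match.group(1)
        if name not in args:
            raise MenuError(f"missing value for parameter ${name}")
        return shlex.quote(args[name])
    return TOKEN_RE.sub(repl, command)


# Constructed sample menu built from the entries in the documentation above.
SAMPLE_MENU = """
restart_apache = /usr/sbin/service apache restart
move_file = /bin/mv $src $dst
go_home = cd $$HOME
"""


if __name__ == "__main__":
    menu = parse_menu(SAMPLE_MENU)
    for name, command in menu.items():
        print(f"{name}: {command}  params={parameters(command)}")
    print(expand(menu["move_file"], {"src": "old name.txt", "dst": "/tmp/x; id"}))
    for bad in ("exit = /bin/true", "7 = /bin/ls",
                "errs = grep -i error /var/log/syslog | tail"):
        try:
            parse_menu(bad)
        except MenuError as err:
            print("rejected:", err)
```

Run it as a script to see the sample menu accepted, a hostile $dst value rendered harmless by quoting, and the three invalid entries rejected with the reason. The piping case is the one that trips people up in practice: the fix is a wrapper script on the target, mapped by name, that does its own argument validation.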
Connecting to a Target using a Second Account
To connect to a target using a separate account:
- Navigate to an SSH secret (e.g., Account1) that has a Launchers section with a PuTTY launcher available.
- In the PuTTY launcher, specify another secret (e.g., Account2) as the Connect As secret, the account you want to connect as.
- Click the Launch button. "Account2" logs in.
- Secret Server then runs this command as "Account2" automatically:
su - Account1
- The SSH session prompts for a password, which Secret Server also populates automatically.
"Account2" then becomes "Account1", and from that point on you are logged in as "Account1". The switch is performed by su on the target, so the target's su policy must permit Account2 to become Account1.
Using SSH Command Menus in an SSH Remote Session
To enable command restrictions:
- Navigate to an SSH secret and open the Security tab.
- Set both Enable Proxy and Restrict SSH Commands to Yes. Command restrictions are enforced by the SSH proxy, so both settings are required. Setting Restrict SSH Commands to Yes opens a popup in which you map users and groups to command menus:
  - Keep the Allowed Command Menus option selected.
  - Select the Allow Owners Unrestricted SSH Commands checkbox if you want owners of the secret to be launched into a normal shell without command restrictions. This bypasses the restriction entirely for owners, so keep the secret's owner list limited to accounts that genuinely need a full shell.
  - Add groups and/or users in the permissions overrides section and click Save.
- Click the Launch button on the secret to start a PuTTY session.
- At the top of the SSH window that opens, each allowed command menu is listed as a number followed by the name given to that menu when it was created.
- Enter the number of the command menu you want to use at the prompt. The session then lists the commands you are allowed to run within that SSH session.