Remote Login: Using Password Safe for SSH Connections

Summary

This article explains how to use Password Safe to log into SSH with added security. This article is for USNH users who need to use SSH remote connections and have been authorized to use the Password Safe tool.

 

Why use Password Safe to Connect via SSH? 

BeyondTrust's Password Safe is a password management tool, used to add an extra layer of security for users when connecting to remote resources. After signing into Password Safe with your USNH Single-Sign On (SSO), you will be able to securely access a remote server via SSH.

 

Install PuTTy Before you Begin

The PuTTY software will enable you to open an SSH session. PuTTY is available through Company Portal on USNH-managed Windows devices.

Uploaded Image (Thumbnail) - Screen shot of PuTTY tile in Company Portal

For information on using Company Portal, please see this KB article: Company Portal: Installing Applications on Managed Workstations - Windows

 

How-To

Task: Use Password Safe to open an SSH connection without visibly typing your password. 

Instructions

Step 1 - Login to BeyondInsight by BeyondTrust with your USNH username@usnh.edu, password, and MFA if required. 

Once logged in your home screen should look similar to this (depending on which tools you are authorized to use), with icons for Password Safe (number pad with a lock), Secrets Safe (a bank safe), and Managed Accounts (hand holding a person icon).

Uploaded Image (Thumbnail)Click for full-scale image

 

Step 2 - Click the Password Safe tile, then the Directory Linked Accounts tab (box 2 in image below).

Note: if a Load All Accounts button appears in the center of the screen, click it. A list of accessible servers will appear.

Step 3 - Navigate in the list to the server you want to connect to and click the Access button (box 3) on the far right.

Uploaded Image (Thumbnail) - image of server list and click accessClick for full-scale image

 

Step 4 - The Access dialog box will open on the right with various connection options. Click the Quick Launch tab (box 4 in image below) at the top if it's not already selected.

Step 5 - Click the Start SSH Session button (box 5) at the bottom of the screen. A browser window should open after a few moments.

Uploaded Image (Thumbnail) - image that highlights "Quick Launch" and "Start SSH Session"Click for full-scale image

 

Step 6 - If a permissions dialog box pops up in your web browser, click Open to allow the SSH connection client to open.  The pop-up may look similar to this:

image of pop-up that highlights "Open" button

 

Step 7 - Once connected, a command terminal window with an open SSH session will open. This may take a few moments. 

If this dialog box doesn't open, you might need to install WinSCP. After installing the application, try connecting again using the steps outlined above. 

 

Outcome

You have successfully connected via SSH to the selected server using Password Safe instead of visibly typing your password.

 

Troubleshooting

Please submit a TeamDynamix IAM ticket request if you're experiencing an issue in using the Password Safe and any of these criteria are met:

1. You cannot access the Password Safe application.

2. Access to the Password Safe must be added/removed for a user.

3. Access to a server through Password Safe needs to be removed.

4. The server you need to access does not appear in the list after clicking Load All Accounts (Step 2).

 

Need additional help?

If you have any additional questions, please submit a TeamDynamix IAM ticket request with as much detail as possible.