Body
Summary
This article explains how to use Password Safe to log into SSH with added security. This article is for USNH users who need to use SSH remote connections and have been authorized to use the Password Safe tool.
Why use Password Safe to Connect via SSH?
BeyondTrust's Password Safe is a password management tool, used to add an extra layer of security for users when connecting to remote resources. After signing into Password Safe with your USNH Single-Sign On (SSO), you will be able to securely access a remote server via SSH.
Install PuTTy Before you Begin
The PuTTY software will enable you to open an SSH session. PuTTY is available through Company Portal on USNH-managed Windows devices.
For information on using Company Portal, please see this KB article: Company Portal: Installing Applications on Managed Workstations - Windows
How-To
Task: Use Password Safe to open an SSH connection without visibly typing your password.
Instructions
Step 1 - Login to BeyondInsight by BeyondTrust with your USNH username@usnh.edu, password, and MFA if required.
Once logged in your home screen should look similar to this (depending on which tools you are authorized to use), with icons for Password Safe (number pad with a lock), Secrets Safe (a bank safe), and Managed Accounts (hand holding a person icon).
Click for full-scale image
Step 2 - Click the Password Safe tile, then the Directory Linked Accounts tab (box 2 in image below).
Note: if a Load All Accounts button appears in the center of the screen, click it. A list of accessible servers will appear.
Step 3 - Navigate in the list to the server you want to connect to and click the Access button (box 3) on the far right.
Click for full-scale image
Step 4 - The Access dialog box will open on the right with various connection options. Click the Quick Launch tab (box 4 in image below) at the top if it's not already selected.
Step 5 - Click the Start SSH Session button (box 5) at the bottom of the screen. A browser window should open after a few moments.
Click for full-scale image
Step 6 - If a permissions dialog box pops up in your web browser, click Open to allow the SSH connection client to open. The pop-up may look similar to this:
Step 7 - Once connected, a command terminal window with an open SSH session will open. This may take a few moments.
If this dialog box doesn't open, you might need to install WinSCP. After installing the application, try connecting again using the steps outlined above.
Outcome
You have successfully connected via SSH to the selected server using Password Safe instead of visibly typing your password.
Troubleshooting
Please submit a TeamDynamix IAM ticket request if you're experiencing an issue in using the Password Safe and any of these criteria are met:
1. You cannot access the Password Safe application.
2. Access to the Password Safe must be added/removed for a user.
3. Access to a server through Password Safe needs to be removed.
4. The server you need to access does not appear in the list after clicking Load All Accounts (Step 2).
Need additional help?
If you have any additional questions, please submit a TeamDynamix IAM ticket request with as much detail as possible.