Cryptzone Support

If you wish to submit a support ticket please sign in to your customer portal or use the “submit a ticket” button at the top menu.
If you need to find documentation about our Sheriff Suite please login to the Hive- Click Here




« Go Back

Server commands are executed on the appgate server. If one needs to execute a command on a remote system via SSH you would prefer the user is not prompted for any interaction concerning the connection to the trusted server.

The goal is the following scenario:

  1. User logs into appgate.
  2. The user, which is granted access to the component, runs the server command.
  3. The sever command runs with no further user interaction.

Read in the manual about the Server Command component.

There are two issues to challenge: The user needs to have (1) the public key of the trusted server in the $home/.ssh/known_hosts and (2) the private key of a user from the trusted server. Since a user is assigned a tempory home for the lifetime of the session, you need to run some code/script before the ssh command. The command would then put known_host entry and the private key, of a user on the trusted server, into the users home folder. This avoids prompting the user for adding the public key of the know_hosts file and allow him to run the ssh without passphrase. For example you can run the code before your actual server command:

cd ${HOME} 
if [ ! -d ${HOME}/.ssh ]; then
mkdir .ssh
echo 'COPY-PASTE-PUBLIC_KEY_FROM_SERVER > .ssh/known_hosts

The value COPY-PASTE-PUBLIC_KEY_FROM_SERVER you will get after logging into the trusted server. Check in your known_hosts file and copy the value from there.

The private key (identity file) of the user from the trusted server will allow one to login without any password. You can do that in two forms: either you specify the identity file in your ssh command with an absolute path, like ssh -i /path/to/pk or you copy the file into the users .ssh directory and chmod 0700 it, both steps with the script above. 

An access rule is needed to limit the access to the server command, since any user can now run the server command.

Article Info
3/13/2015 8:43 AM
3/13/2015 8:43 AM



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255