JumpServer SSH: session logs and command control
We'll test the SSH connection to see how it really works and how it blocks SSH commands.
Why am I doing this? After years of working with different Privileged Access Management (PAM) systems, I've noticed that the documentation and features often don't match how the control of different types of connections actually works in PAM.
Theare two ways to start SSH session in JumpServer: SSH in WebUI, SSH client (launched localy by JumpServerClient, Putty by default) and SSH Proxy credentials, which can be used in any SSH client manually
You can see results in this table:
| SSH WebGUI | SSH Client (Putty, launched by JS Client) | SSH Proxy Credentials (use it manually in any client) |
Video | yes | yes | yes |
Command logging | yes | yes | yes |
Command blocking\ warning | yes | yes | yes |
Su root automation after login | yes | yes | yes |
How SSH connection works?
SSH WebGUI.
Started SSH WebGUI, on the right side I can see additional panel where I can share session with another user and change teminal color:
SSH Putty, launched by JS Client
After clicking "Native Client" option it opened standard Putty, no need to screenshot this :)
Generating SSH proxy credentials for manual usage
When I click "SSH Guide", system generate proxy credentials for me:
First connect line with one time token - for fast access without entering any passwords
Second one - connection line which I can use in shortcuts or connection managers, need to enter user password for connection.
What I can see in session logs?
Video with timstamps of entered commands:
Logged commands with output of commands:
Comentários