Skip to main content

Rdp y SSh

SSH

Soffid allows you to deploy a new docker container with the ssh gateway. The configuration is similar to the sync server configuration, the main difference is the ssh container is listening in ssh.

Prerequisites

The PAM Service is only released as a docker service.

1. Install docker ( https://docs.docker.com/install/ )

2. Create a Docker network(*), that network allows you to connect containers to the same bridge network to communicate:

sudo docker network create -d bridge NETWORKNAME

*  You can use the same network defined in the Console and Sync Server installation to avoid visibility problems.

Installation

The steps required to install SSH contaner are:

1. Create a user

We need to create a user in the pam store container. To do this, we need to connect to the store container.

sudo docker exec -it soffid-pam-store /bin/bash

Once, we are connected to the container, we need to run a script to create the user. This script has two parameters, the user name, and the role. We has to type launcher in the role parameter

root@soffid-pam-store:/# /opt/soffid/tomee/bin/add-user.sh proxyrdptest launcher
Password: c4ZRcmgemq3nMr1VQJCD1pJRhPbdX5hrmmrP6RX7zBE4HSs3RV3+cGwDdL1WaaqZ
root@soffid-pam-store:/#

As a result of the script, we recevie the password for the created user. This password will be needed later when we create the container.

2. Create volume

We need to create a volume that will be used by the docker container

sudo docker volume create soffid-rdp

3. Create docker container

 

docker run \
--name soffid-ssh \
-e SOFFID_SERVER=https://iam-sync.soffidnet:1760 \
-e SOFFID_USER=admin \
-e SOFFID_PASS=changeit \
-e SOFFID_HOSTNAME=ssh-gateway \
-e STORE_SERVER=http://soffid.pat.pam:8082 \
-e STORE_PASSWORD=kDH0vh8MFWWn843Vhzmj0Np7uzMEfbqFYM1ELCQqOf++tF0xfd=Ve2eGq81OXvqy \
-e STORE_USER=proxysshtest \
-v soffid-ssh:/opt/soffid/iam-sync/conf \
--publish 2222:22 \
--network=soffidnet \
soffid/pam-ssh:1.4.2

Environment Variables

To create the new SSH container you need to set the following environment variables:

Variable Description Example

SOFFID_SERVER

Sync Server URL

https://syncserver01.soffid.com:1760

SOFFID_USER

Soffid user to join the security domain

admin

SOFFID_PASSWORD

Soffid user password

changeit

SOFFID_HOSTNAME

The hostname used to access the ssh gateway

ssh-gateway

STORE_SERVER

Store URL

http://soffid.pat.pam:8082

STORE_PASSWORD

Store password

****************

STORE_USER

Store user

proxyssh

 

 


/opt/soffid/tomee/bin/
./add-user.sh proxyssh launcher

docker volume create soffid-ssh

docker run --name soffid-ssh \
-e SOFFID_SERVER=https://iam-sync.soffidnet:1760 \
-e SOFFID_USER=admin \
-e SOFFID_PASS=admin123 \
-e SOFFID_HOSTNAME=ssh-gateway \
-e STORE_SERVER=http://soffid.pat.pam:8082 \
-e STORE_PASSWORD=kDH0vh8MFWWn843Vhzmj0Np7uzMEfbqFYM1ELCQqOf++tF0xgSrVe2eGq81OXvqy \
-e STORE_USER=proxyssh \
-v soffid-ssh:/opt/soffid/iam-sync/conf \
--add-host soffid.pat.pam:192.168.133.1 \
--add-host forge.dev.lab:10.129.120.5 \
--publish 2222:22 \
--network=soffidnet.intenal \
soffid/pam-ssh:1.4.2