RDP and SSH
SSH
Soffid allows you to deploy a new Docker container with the SSH gateway. The configuration is similar to the Sync Server configuration; the main difference is that the SSH container listens for SSH connections.
Prerequisites
The PAM Service is only released as a docker service.
1. Install Docker (https://docs.docker.com/install/)
2. Create a Docker network (*). Containers attached to the same bridge network can communicate with each other:
sudo docker network create -d bridge NETWORKNAME
* You can use the same network defined in the Console and Sync Server installation to avoid visibility problems.
Installation
The steps required to install the SSH container are:
1. Create a user
We need to create a user in the PAM store container. To do this, we first connect to the store container.
sudo docker exec -it soffid-pam-store /bin/bash
Once we are connected to the container, we run a script to create the user. The script takes two parameters: the user name and the role. The role parameter must be launcher.
root@soffid-pam-store:/# /opt/soffid/tomee/bin/add-user.sh proxyrdptest launcher
Password: c4ZRcmgemq3nMr1VQJCD1pJRhPbdX5hrmmrP6RX7zBE4HSs3RV3+cGwDdL1WaaqZ
root@soffid-pam-store:/#
The script prints the password for the created user. This password will be needed later when we create the container.
2. Create volume
We need to create a volume that will be used by the Docker container. Its name must match the volume mounted in the docker run command of step 3.
sudo docker volume create soffid-ssh
3. Create docker container
docker run \
--name soffid-ssh \
-e SOFFID_SERVER=https://iam-sync.soffidnet:1760 \
-e SOFFID_USER=admin \
-e SOFFID_PASS=changeit \
-e SOFFID_HOSTNAME=ssh-gateway \
-e STORE_SERVER=http://soffid.pat.pam:8082 \
-e STORE_PASSWORD=kDH0vh8MFWWn843Vhzmj0Np7uzMEfbqFYM1ELCQqOf++tF0xfd=Ve2eGq81OXvqy \
-e STORE_USER=proxysshtest \
-v soffid-ssh:/opt/soffid/iam-sync/conf \
--publish 2222:22 \
--network=soffidnet \
soffid/pam-ssh:1.4.2
Environment Variables
To create the new SSH container you need to set the following environment variables:
Variable | Description | Example |
SOFFID_SERVER | Sync Server URL | https://syncserver01.soffid.com:1760 |
SOFFID_USER | Soffid user to join the security domain | admin |
SOFFID_PASSWORD | Soffid user password | changeit |
SOFFID_HOSTNAME | The hostname used to access the ssh gateway | ssh-gateway |
STORE_SERVER | Store URL | http://soffid.pat.pam:8082 |
STORE_PASSWORD | Store password | **************** |
STORE_USER | Store user | proxyssh |
/opt/soffid/tomee/bin/./add-user.sh proxyssh launcher
docker volume create soffid-ssh
docker run --name soffid-ssh \
-e SOFFID_SERVER=https://iam-sync.soffidnet:1760 \
-e SOFFID_USER=admin \
-e SOFFID_PASS=admin123 \
-e SOFFID_HOSTNAME=ssh-gateway \
-e STORE_SERVER=http://soffid.pat.pam:8082 \
-e STORE_PASSWORD=kDH0vh8MFWWn843Vhzmj0Np7uzMEfbqFYM1ELCQqOf++tF0xgSrVe2eGq81OXvqy \
-e STORE_USER=proxyssh \
-v soffid-ssh:/opt/soffid/iam-sync/conf \
--add-host soffid.pat.pam:192.168.133.1 \
--add-host forge.dev.lab:10.129.120.5 \
--publish 2222:22 \
--network=soffidnet.intenal \
soffid/pam-ssh:1.4.2
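The commands above pass both passwords as -e arguments, which leaves them in shell history and in the process list while docker starts. The following added example (not part of the Soffid documentation or code) checks an env file intended for docker run --env-file before the container is created; the file name soffid-ssh.env and the function check_ssh_env are assumptions, and the variable names are the ones listed in the table.

```shell
#!/bin/sh
# Added example, not Soffid code. Checks a file meant for
#   docker run --env-file soffid-ssh.env ... soffid/pam-ssh:1.4.2
# Variable names come from the page; file name and checks are assumptions.

# check_ssh_env FILE: prints each finding, returns the number of findings.
check_ssh_env() {
    file=$1
    problems=0
    [ -r "$file" ] || { echo "cannot read $file"; return 1; }

    # The file holds two passwords: owner-only access.
    mode=$(stat -c %a "$file" 2>/dev/null || stat -f %Lp "$file")
    case $mode in
        600|400) ;;
        *) echo "mode $mode: run chmod 600 $file"; problems=$((problems + 1)) ;;
    esac

    # Every variable from the table needs a non-empty value.
    for var in SOFFID_SERVER SOFFID_USER SOFFID_HOSTNAME \
               STORE_SERVER STORE_USER STORE_PASSWORD; do
        grep -Eq "^${var}=.+" "$file" || {
            echo "missing or empty: $var"; problems=$((problems + 1)); }
    done
    # The command uses SOFFID_PASS, the table SOFFID_PASSWORD: accept either.
    grep -Eq '^SOFFID_PASS(WORD)?=.+' "$file" || {
        echo "missing or empty: SOFFID_PASS"; problems=$((problems + 1)); }

    # Sample passwords shown in the page's commands must be replaced.
    if grep -Eq '^(SOFFID_PASS(WORD)?|STORE_PASSWORD)=(changeit|admin123)$' "$file"; then
        echo "sample password still in use"; problems=$((problems + 1))
    fi

    # Assumption: the Soffid credentials are sent to SOFFID_SERVER, so require https.
    if grep -Eq '^SOFFID_SERVER=' "$file" && ! grep -Eq '^SOFFID_SERVER=https://' "$file"; then
        echo "SOFFID_SERVER is not https"; problems=$((problems + 1))
    fi
    return "$problems"
}
```

Run check_ssh_env soffid-ssh.env and create the container only when it returns 0, replacing the -e lines of the docker run command with --env-file soffid-ssh.env.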