Manage
Add User
Control Panel
Visit the SSHTrail Manage page and create a new user.
- Enter a username. Allowed characters are alphanumeric, along with '.', '-' and '_'. Note that a username can be deleted only on support request.
- Enter a description to identify this user.
Once a user has been created, it shows in the list below.
Create user login key
The user needs to create a key for ssh login to the SSHTrail server. A new key can be created using the ssh-keygen command as shown below.

    $ ssh-keygen -b 4096
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/wideva/.ssh/id_rsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /home/wideva/.ssh/id_rsa.
    Your public key has been saved in /home/wideva/.ssh/id_rsa.pub.
    The key fingerprint is:
    SHA256:keqU2WzsNYpT6XL29MZiYXCvcTF02M1cu3LVKklXLpQ [email protected]
    The key's randomart image is:
    +---[RSA 4096]----+
    | o.=+|
    | . o.Eo*|
    | o ...o.+|
    | B.o..oo oo|
    | = Soo.o+.o |
    | o * o+.o.o |
    | = *..* |
    | = o+.o |
    | ..o. |
    +----[SHA256]-----+
    $ cat /home/wideva/.ssh/id_rsa.pub
    ssh-rsa <base64 public key> [email protected]

A key update usually takes up to 2 minutes to reach the authorized_keys file of the respective user. Below is an example with SSHTrail running on 192.168.122.78, port 3113.

    $ ssh -l johndoe -p 3113 192.168.122.78
    #############################################################################################################
    # Welcome user #
    # All connections are monitored and recorded #
    # Disconnect IMMEDIATELY if you are not an authorized user! #
    # #
    # This service is restricted to authorized users only. #
    # Unauthorized access will be fully investigated and reported to the appropriate law enforcement agencies. #
    #############################################################################################################
    .... QRCode .....
    Secret Key : WS2JPG2RTGSOGOPH
    TOTP URL : otpauth://totp/SSHTrail%20ssh:johndoe?secret=WS2JPG2RTGSOGOPH&issuer=SSHTrail%20ssh
    Enter OTP:
On first login, SSHTrail prompts with the QR code needed for configuring 2FA. Use the Google Authenticator app on your mobile phone to scan the QR code and add the new key. The QR code can be too large for the terminal window; if so, reduce your terminal's font size to scan it. You can also add the key using the Secret Key.
Copy the OTP from Google Authenticator and enter it at the Enter OTP prompt. If the OTP login fails, try ssh again.
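What the authenticator app derives from the Secret Key and TOTP URL in the prompt above, as an added example that is not SSHTrail's own code: it parses the URL and computes RFC 6238 codes. The `verify` helper and its one-step clock-skew window are assumptions about a typical verifier, not documented SSHTrail behaviour.

```python
import base64, hashlib, hmac, struct, time
from urllib.parse import urlparse, parse_qs, unquote

# TOTP URL copied from the first-login prompt shown above.
ENROLL_URL = ("otpauth://totp/SSHTrail%20ssh:johndoe"
              "?secret=WS2JPG2RTGSOGOPH&issuer=SSHTrail%20ssh")

def parse_otpauth(url):
    """Split an otpauth:// URL into label, issuer and raw key bytes."""
    u = urlparse(url)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("not a TOTP enrolment URL")
    q = parse_qs(u.query)
    secret = q["secret"][0].upper()
    secret += "=" * (-len(secret) % 8)      # base32 input must be padded to 8 chars
    return {
        "label": unquote(u.path.lstrip("/")),
        "issuer": q.get("issuer", [""])[0],
        "key": base64.b32decode(secret),
        "digits": int(q.get("digits", ["6"])[0]),   # defaults used when absent
        "period": int(q.get("period", ["30"])[0]),
    }

def totp(key, at=None, digits=6, period=30):
    """RFC 6238 TOTP with HMAC-SHA1, the authenticator-app default."""
    counter = int(time.time() if at is None else at) // period
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                  # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def verify(key, candidate, at=None, window=1, period=30):
    """Accept the current code or one step either side (assumed skew policy)."""
    now = time.time() if at is None else at
    return any(
        hmac.compare_digest(totp(key, now + i * period, period=period), candidate)
        for i in range(-window, window + 1)
    )

if __name__ == "__main__":
    info = parse_otpauth(ENROLL_URL)
    print(info["label"], "/", info["issuer"], "->", totp(info["key"]))
```

A code is only valid for its 30-second step, which is why a code typed just as the step rolls over can be rejected and a retry succeeds.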
    Enter OTP:
    johndoe> help
    # SSH to remote host
    ssh <host> <port> <username>
    # List Host ACL
    list
    # List all previous sessions
    sessions [ <host> ]
    # Get command history for a session
    commands <session-id>
    # List previous login sessions
    last
    johndoe> list
    IPAddress : HostName
    johndoe>

We don't have any hosts allowed for this user yet. Let's add a new host and allow this user access to it.
Add Host
On Manage SSHTrail, click on Add Host. Adding a host is very simple: just enter the hostname, IP address and server description.
Allow user access to Host
Go to Users page and click on Change ACL, as shown below.
Select the hosts you want to allow the user to log in to.
Copy User key to Host
To allow ssh access to the host, we need to copy the user's public key from the SSHTrail host to the destination host. On the Users page, click on Public Key as highlighted below.
Copy the key and save it under the corresponding user on the destination host. In this demo, we will use user wideva on host 192.168.2.77.

    ~$ [ -d ~/.ssh/ ] || mkdir -m 750 .ssh
    ~$ echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDDjdtmvGeVKjg1lZ48QXRYDkejqlgL8exuhS5YxHjlVKsZkO7Xw7vCd0tNoU80N0qe4wCvflpnTKjVUSX/oLgJ9tYxuHsCrq7SXuW4mQNEupcNfflhHQRx1AkSD13vfFwqoU8R4DYEHB8erECj7Slm0XjJsEk/WT1MkXLnabrdDPv7yOLfFGWKayeMFodpLBkZ25KoBH1qaSL2vf1VpDATY9RFpDMRrH4U0HDSJYWt3Q1E3RkM0wTE4eJUxBvTI0KK1AfJG/vRZgZi108ZIlXT5GC5nmCwnQ1XUhy8HUAAAWV3RAWPD6egyBwSYNifAVue2jx6zpgEYcpQRth2nqiyyQGHuL7MDDTmutc1pDvFl0p6StRLJgB8PirdMEY+MVvMRxM+hTUki+7v1APZNJ0TgfvKBgwSpXNmHUDAF8XUbY4sxtSwFteD6/Ex7XrwTmWcoZmEU8seJtS7fsXmfiV+y0ovQHC8GwYLOwsbDxoialb/nJhyEW6VZYGOqblcXb1JTe5TkaQj/D3gs1a7rmzNTacdcSt6qhMtjOLGljA1M+SzhJc7wfalNo4HlP6ShFKgzw6y5/3Pdme2veOYnT0JUF23pb8TEMpXpIPNQHDqYdzbjC37mI3lpAxeh5H1/r7ipRZrYv/9dugSHUU12wiS6Gj2KsbS2oDf64bSq1UosQ== [email protected]' >> .ssh/authorized_keys
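A check worth running on a pasted key line before it goes into authorized_keys, as an added example that is not part of SSHTrail: it confirms the base64 blob matches the declared key type, enforces a minimum RSA size, and prints the SHA256 fingerprint in the format ssh-keygen shows. It assumes a plain `<type> <base64> [comment]` line without an options prefix; the 4096-bit floor mirrors the `-b 4096` used above, and the sample line is constructed with a dummy modulus, not a usable key.

```python
import base64, hashlib, struct

def read_fields(blob):
    """Split an SSH public-key blob into its length-prefixed fields."""
    fields, pos = [], 0
    while pos < len(blob):
        if len(blob) - pos < 4:
            raise ValueError("truncated length prefix")
        (size,) = struct.unpack(">I", blob[pos:pos + 4])
        field = blob[pos + 4:pos + 4 + size]
        if len(field) != size:
            raise ValueError("truncated field")
        fields.append(field)
        pos += 4 + size
    return fields

def inspect_key(line, min_rsa_bits=4096):
    """Return (type, rsa_bits, fingerprint) for one authorized_keys line."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(parts[1], validate=True)
    fields = read_fields(blob)
    if not fields or fields[0] != parts[0].encode():
        raise ValueError("key type prefix does not match the blob")
    bits = None
    if parts[0] == "ssh-rsa":                # blob fields: type, e, n
        if len(fields) != 3:
            raise ValueError("malformed ssh-rsa blob")
        bits = int.from_bytes(fields[2], "big").bit_length()
        if bits < min_rsa_bits:
            raise ValueError("RSA modulus is only %d bits" % bits)
    digest = hashlib.sha256(blob).digest()   # same input ssh-keygen -l hashes
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return parts[0], bits, fingerprint

def constructed_rsa_line(bits, comment="constructed@example"):
    """Build a well-formed ssh-rsa line with a dummy modulus (sample input only)."""
    def field(data):
        return struct.pack(">I", len(data)) + data
    n = (1 << (bits - 1)) | 1
    blob = field(b"ssh-rsa") + field(b"\x01\x00\x01") + field(n.to_bytes(bits // 8 + 1, "big"))
    return "ssh-rsa %s %s" % (base64.b64encode(blob).decode(), comment)

if __name__ == "__main__":
    print(inspect_key(constructed_rsa_line(4096)))
```

Compare the printed fingerprint with the one for the key shown on the SSHTrail Users page before appending the line on the destination host.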
Time to login and check
If the user is already logged in, the user will have to log out and log in again to see changes in the host list.

    $ ssh -l johndoe -p 3113 192.168.2.78
    #############################################################################################################
    # Welcome user #
    # All connections are monitored and recorded #
    # Disconnect IMMEDIATELY if you are not an authorized user! #
    # #
    # This service is restricted to authorized users only. #
    # Unauthorized access will be fully investigated and reported to the appropriate law enforcement agencies. #
    #############################################################################################################
    Enter OTP:
    johndoe> list
    IPAddress : HostName
    192.168.2.77 : filetrail01
    johndoe> ssh 192.168.2.77 22 wideva
    *** Initiating SSH Connection
    Linux filetrail 4.9.0-8-amd64 #1 SMP Debian 4.9.144-3.1 (2019-02-19) x86_64

    The programs included with the Debian GNU/Linux system are free software;
    the exact distribution terms for each program are described in the
    individual files in /usr/share/doc/*/copyright.

    Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
    permitted by applicable law.
    You have mail.
    Last login: Thu Apr 11 21:08:56 2019 from 10.168.3.6
    [email protected]:~$ uptime
     21:32:30 up 20 days, 7:06, 3 users, load average: 0.00, 0.00, 0.00
    [email protected]:~$ free -m
                  total        used        free      shared  buff/cache   available
    Mem:            972         428          69          10         473         380
    Swap:           251           2         249
    [email protected]:~$ echo can you see this command ?
    can you see this command ?
    [email protected]:~$ # can you see this too
    [email protected]:~$ passwd
    Changing password for wideva.
    (current) UNIX password:
    passwd: Authentication token manipulation error
    passwd: password unchanged
    [email protected]:~$ logout
    *** SSH Connection closed

Now that we have added a user and mapped a host, let's find out how to get the history of commands typed.