
Manage

Add User

Control Panel

Visit the SSHTrail Manage page and create a new user.

  • Enter a username. Allowed characters are alphanumeric, plus '.', '-' and '_'. Note that a username can be deleted only on support request.
  • Enter a description to identify this user.


Once a user has been created, it shows in the list below.

Create user login key

The user needs to create a key for SSH login to the SSHTrail server. A new key can be created using the ssh-keygen command as shown below.

$ ssh-keygen  -b 4096  
Generating public/private rsa key pair.
Enter file in which to save the key (/home/wideva/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/wideva/.ssh/id_rsa.
Your public key has been saved in /home/wideva/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:keqU2WzsNYpT6XL29MZiYXCvcTF02M1cu3LVKklXLpQ [email protected]
The key's randomart image is:
+---[RSA 4096]----+
|             o.=+|
|         .  o.Eo*|
|        o  ...o.+|
|       B.o..oo oo|
|      = Soo.o+.o |
|     o * o+.o.o  |
|      = *..*     |
|       = o+.o    |
|         ..o.    |
+----[SHA256]-----+

$ cat /home/wideva/.ssh/id_rsa.pub
ssh-rsa <base64 key data> [email protected]

The public key needs to be pasted for the corresponding user.

Update SSH key

A key update usually takes up to 2 minutes to reach the authorized_keys file of the respective user. Below is an example with SSHTrail running on 192.168.122.78, port 3113.

$ ssh -l johndoe  -p 3113  192.168.122.78  
#############################################################################################################
#                                                      Welcome user                                         # 
#                                   All connections are monitored and recorded                              #
#                          Disconnect IMMEDIATELY if you are not an authorized user!                        #
#                                                                                                           #
# This service is restricted to authorized users only.                                                      #
# Unauthorized access will be fully investigated and reported to the appropriate law enforcement agencies.  #
#############################################################################################################

.... QRCode ..... 

Secret Key : WS2JPG2RTGSOGOPH 
TOTP URL : otpauth://totp/SSHTrail%20ssh:johndoe?secret=WS2JPG2RTGSOGOPH&issuer=SSHTrail%20ssh 
Enter OTP: 

On first login, SSHTrail displays the QR code needed to configure 2FA. Scan the QR code with the Google Authenticator app on your mobile phone to add the new key. The QR code can be too large for the terminal, so reduce the terminal font size to scan it. You can also add the account using the Secret Key.

First SSH Login

Enter the OTP from Google Authenticator at the OTP prompt. If the OTP login fails, try ssh again.

Enter OTP: 
johndoe> help                                                                                                                               

# SSH to remote host 
ssh <host> <port> <username>

# List Host ACL
list

# List all previous sessions
sessions [ <host> ]

# Get command history for a session
commands <session-id>

# List previous login sessions
last


johndoe> list                                                                                                                               
IPAddress       : HostName 
johndoe>  

We don't have any host allowed for this user yet. Let's add a new host and allow this user access to it.

Add Host

On Manage SSHTrail, click on Add Host. Adding a host is very simple: just enter the hostname, IP address and server description.


Allow user access to Host

Go to the Users page and click on Change ACL, as shown below.

Select the hosts you want to allow the user to log in to.

Copy User key to Host

To allow SSH access to the host, we need to copy the user's public key held on the SSHTrail host to that host. On the Users page, click on Public Key as highlighted below.

Copy the key and save it for the corresponding user on the destination host. In this demo, we will use user wideva on host 192.168.2.77.

~$ [ -d ~/.ssh/ ] || mkdir -m 750 .ssh
~$ echo 'ssh-rsa <base64 key data> [email protected]' >> .ssh/authorized_keys
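A checked version of the copy step above, as an added example that is not part of SSHTrail: it recomputes the key's SHA256 fingerprint in the form ssh-keygen prints, compares it with a fingerprint recorded separately, and appends the key only once. The function names, the sample key and the 700/600 modes (tighter than the 750 used above) are assumptions of this example.

```python
import base64, hashlib, os, struct

def fingerprint(pubkey_line):
    """SHA256 fingerprint, in the form ssh-keygen prints, of one public-key line."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)  # rejects garbled base64
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob begins with a length-prefixed copy of the key type; a mismatch
    # means the line was damaged or edited while being copied.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != fields[0].encode():
        raise ValueError("key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def install_key(pubkey_line, expected_fp, home):
    """Append the key to <home>/.ssh/authorized_keys once, if the fingerprint matches."""
    if fingerprint(pubkey_line) != expected_fp:
        raise ValueError("fingerprint mismatch, key not installed")
    ssh_dir = os.path.join(home, ".ssh")
    os.makedirs(ssh_dir, exist_ok=True)
    os.chmod(ssh_dir, 0o700)                     # owner-only directory
    path = os.path.join(ssh_dir, "authorized_keys")
    text = open(path).read() if os.path.exists(path) else ""
    line = " ".join(pubkey_line.split())
    if line not in (" ".join(l.split()) for l in text.splitlines()):
        sep = "" if text == "" or text.endswith("\n") else "\n"
        fd = os.open(path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
        with os.fdopen(fd, "a") as fh:
            fh.write(sep + line + "\n")
    os.chmod(path, 0o600)                        # owner-only file
    return path

def sample_key():
    """Constructed ssh-rsa line with a toy modulus; well-formed but not a usable key."""
    def field(b):
        return struct.pack(">I", len(b)) + b
    blob = field(b"ssh-rsa") + field(b"\x01\x00\x01") + field(b"\x00\xc5\x3a\x9e\x71")
    return "ssh-rsa " + base64.b64encode(blob).decode() + " demo@example"
```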

Time to login and check

If the user is already logged in, the user will have to log out and log in again to see changes in the host list.

$ ssh -l johndoe  -p 3113  192.168.2.78   
#############################################################################################################
#                                                      Welcome user                                         # 
#                                   All connections are monitored and recorded                              #
#                          Disconnect IMMEDIATELY if you are not an authorized user!                        #
#                                                                                                           #
# This service is restricted to authorized users only.                                                      #
# Unauthorized access will be fully investigated and reported to the appropriate law enforcement agencies.  #
#############################################################################################################
Enter OTP: 
johndoe> list                                                                                                                               
IPAddress       : HostName 
192.168.2.77    : filetrail01 
johndoe> ssh 192.168.2.77 22 wideva 
*** Initiating SSH Connection 
Linux filetrail 4.9.0-8-amd64 #1 SMP Debian 4.9.144-3.1 (2019-02-19) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
You have mail.
Last login: Thu Apr 11 21:08:56 2019 from 10.168.3.6
[email protected]:~$ uptime 
 21:32:30 up 20 days,  7:06,  3 users,  load average: 0.00, 0.00, 0.00
[email protected]:~$ free -m 
              total        used        free      shared  buff/cache   available
Mem:            972         428          69          10         473         380
Swap:           251           2         249
[email protected]:~$ echo can you see this command ?
can you see this command ?
[email protected]:~$ # can you see this too 
[email protected]:~$ passwd 
Changing password for wideva.
(current) UNIX password: 
passwd: Authentication token manipulation error
passwd: password unchanged
[email protected]:~$ logout 

*** SSH Connection closed

Now that we have added a user and mapped a host, let's find out how to get the history of commands typed.