About SSH Range Applications

Overview

Using the Access Client, you can access SSH servers in an SSH range using the SSH Range Application and get all the capabilities for SSH command visibility.

The SSH Range Application allows administrators to configure an IP range or a DNS wildcard that has multiple SSH servers. Atmos Agent users with access to the SSH application can now access all the servers in all their SSH ranges without going to the User Portal. Every SSH command is available in the Insights Dashboard and log export. Using this approach removes the administration of defining a single SSH application for each individual server.

📘

Note

This is a limited release feature.
For more information contact Axis Security Support: [email protected]

📘

Important

This feature is only supported when you have a single set of credentials for each user to connect to all your servers in the SSH range. If you have a different private key for each user for each one of your SSH servers or use different credentials for user login into these SSH range, this feature is not supported.

Which type of application should an Admin use to grant access to an SSH server?

SSH servers can be accessed using three types of Axis applications:

  • SSH Application: Provides clientless access to a single server, with full command visibility for a single SSH server.
  • Network Range Application: Provides Atmos Agent access to a server range, without command visibility for multiple SSH servers.
  • SSH Range Application: Provides Atmos Agent access to a server range with full command visibility. It can be used in cases where the user uses the same credentials when connecting to each server in the SSH range.

📘

Note

The command visibility is optional and can be turned off using the SSH security profile.

The following table summarizes the ways you can use an SSH application.

Table 1: SSH Application Use Cases

Use CaseSSH ApplicationNetwork RangeSSH Range Application
Support clientless accessYesNoNo
Define multiple servers in one applicationNoYesYes
Provide SSH command visibility ​YesNoYes
Use different credentials for each server​YesYesNo

What is Required from the End-User?

The user needs to upload their credentials: username and password or user name and private key in the User Portal. See Connecting to an SSH Range Application.

ICMP Requirements

For information on the requirements needed to enable ICMP, click here.

Which ICMP Commands are Supported?

For information on which ICMP commands are supported, click here.

Prerequisites

Obtain the SSH range for your SSH servers to which you want to provide access.

Deploying a SSH Range Application

To deploy an SSH Range Application:

  1. Add an SSH Server Application
  2. Add an SSH Range Profile