SSH Servers

Apono Connector

On-prem connection serving as a bridge between an SSH server and Apono:

Minimum Required Version: 1.4.0

Apono Secret

Value generated with the credentials of the SSH server user

"key": "base64_private_key"
"value": "<SSH_SERVER_PRIVATE_KEY>"

To find the private key in base64 format, run the following command.

cat /PATH-TO-KEY/key.pem | base64

User with Key Pair Authentication

Dedicated SSH server user account that authenticates with SSH key pairs

In the sudoers file, add the following line to allow Apono to execute commands with sudo privileges without a password prompt.

apono ALL=(ALL) NOPASSWD:ALL

JSON List of Servers

Structured list of SSH servers to which Apono will connect

The following information should be provided for each server:

• name: Unique identifier for the server

• host: IP address or hostname of the server

• user: (Optional) Username for the SSH connection. Default: apono

• port: (Optional) SSH port number. Default: 22

[{"name":"My Server 1","host":"10.0.100.1","user":"apono","port":22,"tags":{"key1":"value1","key2":"value2"}},{"name":"My Server 2","host":"10.0.100.2","user":"ec2-user","port":22,"tags":{"key1":"value1","key2":"value2"}},{"name":"My Server 3","host":"10.0.100.3","port":4422,"user":"ec2-user"},{"name":"My Server 4","host":"10.0.100.4","user":"root","port":22,"tags":{"key1":"value1","key2":"value2"}},{"name":"My Server 5","host":"10.0.100.5","user":"root","port":4422,"tags":{"key1":"value1","key2":"value2"}}]

User Groups

(Optional) User groups representing access to the SSH servers

Default: Default

The default represents access to the server with the user's default Linux group.

%GROUP_NAME ALL=(ALL:ALL) ALL

Integration Name

Unique, alphanumeric, user-friendly name used to identify this integration when constructing an access flow

Servers

Minified JSON list of servers

User Groups

(Optional) Names of groups in the server representing the sudoer role

User's Login Shell

(Optional) Command-line interface program used to log in to an account via SSH

User Key Name

(Optional) Filename of the SSH key pair used for authentication

Credential Rotation

(Optional) Number of days after which the database credentials must be rotated

User cleanup after access is revoked (in days)

(Optional) Defines the number of days after access has been revoked that the user should be deleted

Custom Access Details

(Optional) Instructions explaining how to access this integration's resources Upon accessing an integration, a message with these instructions will be displayed to end users in the User Portal. The message may include up to 400 characters. To view the message as it appears to end users, click Preview.

Integration Owner

1. From the Attribute dropdown menu, select User or Group under the relevant identity provider (IdP) platform.

2. From the Value dropdown menu, select one or multiple users or groups.

NOTE: When Resource Owner is defined, an Integration Owner must be defined.

Resource Owner

1. Enter a Key name. This value is the name of the tag created in your cloud environment.

2. From the Attribute dropdown menu, select an attribute under the IdP platform to which the key name is associated. Apono will use the value associated with the key (tag) to identify the resource owner. When you update the membership of the group or role in your IdP platform, this change is also reflected in Apono.

NOTE: When this setting is defined, an Integration Owner must also be defined.