Logging on to remote server using SSH Secret

This topic explains how users log on to their remote server using their SSH secret.

During configuration of an SSH key secret in the vault, a port value is automatically added and mapped to the secret. The port value specifies the remote server.

To log on to the remote server with their secret, users specify their vault credentials together with the port, as detailed below.

How to view the port mapped to the secret using the GUI

To see the port number mapped to the secret using the GUI.

1. Log on to your KeyControl PASM Vault webGUI

2. Depending on your role:

   1. If you are an admin, select Manage > Manage Boxes.

   2. If you are non-admin, select Managed Secrets.

3. Click on the name of the relevant secret.

   The secret details are displayed.

4. Note the port shown in the secret details.

How to view the port mapped to the secret using the CLI

To see the port number mapped to the secret using the CLI.

1. Log on to the PASM CLI

2. To see the secret details run pasmcli get-secret.

   The secret details are displayed.

3. Note the proxy_port value.

To log on to the remote server using the secret

To log on to the remote server, you specify your vault user name, the vault IP address and the port mapped to the secret (which defines the remote server).

1. Log on to the remote sever:

   ssh -l <vault-user-name> <vault-ip-address> -p <port-number>

When you log out of the SSH session, ensure the SSH secret is checked back in using either the CLI or GUI if a lease is created for the corresponding SSH secret checkout. If you do not check in the SSH secret and exclusive checkout is configured, other users are not able to use the secret until is checked back in or the lease expires.