ScaleFT Client


The ScaleFT Client is a lightweight desktop application and command-line tool for Windows, macOS, and Linux.

Installation

Enrollment

After installing the client, you will enroll your client in your team with the command sft enroll.

This adds your new client to your client inventory on the ScaleFT Platform, and authorizes it to take actions on your behalf. After your client is enrolled, you will see it on your client list on the ScaleFT Dashboard.

Usage

sft [global options] command [command options] [arguments...]

Commands

sft config

Get and set sft configuration options

Many configuration options are available. See the Configuration section for details.

sft dash

Open your team’s dashboard in your browser

sft device-info

Shows your client’s device info as JSON

sft enroll

Adds your new client to your client inventory on the ScaleFT Platform

sft list-accounts

  • --columns: comma-delimited list of lowercase column names to print, only used for default output format
  • -l, --selector: Selector (label query) to filter on, see also Selectors
  • --output [format], -o [format] The output format must be one of: default, json, or describe

List the accounts this client is configured to be able to use

Examples
sft list-accounts -o json
sft list-accounts --columns account,id
sft list-accounts -l account=teamname --columns id,username

sft list-servers

  • --columns: comma-delimited list of lowercase column names to print, only used for default output format
  • -l, --selector: Selector (label query) to filter on, see also Selectors
  • --output [format], -o [format] The output format must be one of: default, json, or describe

List servers in the current team which your client has access to

Examples
sft list-servers -l os_type=windows
sft list-servers -l os_type=windows,project_name=Demo
sft list-servers -l os_type=windows --columns id,hostname
sft list-servers -l os_type=linux -o json

sft login

If logged out of your client’s current team, create a new session, authenticating with your team’s Identity Provider.

An active, authorized client session allows the ScaleFT Client to request credentials in the background as needed.

sft logout

Logout from current session

sft proxycommand

  • --config: Deprecated in favor of sft ssh-config
  • --via, --bastion: SSH bastion host to use to connect to the target

Used with OpenSSH ProxyCommand to enable transparent use of sft with ssh, scp, rsync, ftp, etc.

sft rdp

  • --via, --bastion: SSH bastion host to use to connect to the target

Connect to RDP to a target passed as an argument

sft resolve

Resolves a single server matching the hostname or instance-details specified

sft ssh

  • --via, --bastion: SSH bastion host to use to connect to the target
  • --command: Command to execute over SSH
  • -L: Support local port-forwarding as OpenSSH does
  • -R: Support remote port-forwarding as OpenSSH does

Connect via SSH to a target passed as an argument

Generally, ScaleFT works with ssh using OpenSSH ProxyCommand integration. The sft ssh command is provided for ssh support in environments or contexts where OpenSSH is not available, or for times when you may want to explicitly pass ScaleFT-specific options such as --via.

sft ssh-config

  • --via, --bastion: SSH bastion host to use to connect to the target

Print an OpenSSH configuration block suitable for use in your ~/.ssh/config file which will enable your local ssh binary to use ScaleFT authentication. This SSH configuration will be used only when your client has a currently active and authorized session.

sft unenroll

  • --all: Unenroll all local clients

Remove the currently active client from your client inventory in the ScaleFT Platform

sft use

Set an enrolled team as the current default for use in your current session

sft help

Shows a list of commands or help for one command

Global Command Line Options

  • -h, --help: Display help.
  • -v, --version: Display version.
  • --config-file: Provide alternative configuration file path.
  • --account: Use specified account
  • --team: Use specified team
  • --instance: Use specified instance of the ScaleFT Platform

All options are optional.

Selectors

  • -l, --selector: Selector (label query) to filter on

Commands which take a selector as an optional argument can filter their results based on an arbitrary selector query.

Selector syntax is based on Kubernetes Label Queries.

Example

sft list-servers -l os_type=windows,project_name=Demo

This command uses a selector to filter the list of servers you have access to, only returning the servers whose Operating System is Windows and which are in a Project named Demo.

Configuration

You can view or set configuration options with the sft config command.

No configuration file will be present upon initial installation of the ScaleFT Client. The configuration file will be created once you set your first configuration option.

Until you have set an explicit configuration value, all defaults will be used. The defaults provided for the ScaleFT Client are intended to provide the most security and ease of use for the most common situations. Aside from personal preferences, such as rdp.screensize, you may not need to set any client configurations at all.

ScaleFT Client configurations are grouped into sections. Currently sections include rdp, ssh, ssh_agent, service_auth, and update.

Viewing your configuration

  • sft config: Display your current configurations
  • sft config [section.key]: View the current value of a specific configuration indicated by section.key

Setting a configuration value

You can set a configuration value with the command syntax: sft config [section.key] [value].

Configuration Options

RDP

rdp.screensize

A string, such as 1024x768, describing your preferred RDP window size.

Examples
sft config rdp.screensize 800x600
sft config rdp.screensize 1024x768
rdp.fullscreen

If set to true, RDP sessions will be opened in fullscreen mode. This causes the rdp.screensize configuration to be ignored.

Examples
sft config rdp.fullscreen true
sft config rdp.fullscreen false

SSH

ssh.save_privatekey_passwords

If set to true, the ScaleFT Client will store any passphrases entered by the user in the workstation’s local cryptographic store.

Examples
sft config ssh.save_privatekey_passwords true
sft config ssh.save_privatekey_passwords false
ssh.port_forward_method

A value of “netcat” causes ScaleFT to remotely execute netcat (nc) as a means of port forwarding, instead of using the default native SSH port forwarding.

Examples
sft config ssh.port_forward_method netcat
sft config ssh.port_forward_method native
ssh.insecure_forward_agent

A value of “host” causes ScaleFT to set the ForwardAgent option when executing SSH commands. Note that ScaleFT-issued credentials are not added to the ssh-agent, so this is for use with hosts which are configured to accept an externally managed credential, such as a SSH public key which is not managed by ScaleFT.

Leaving this unset, or supplying a value of “none”, will cause ScaleFT not to forward SSH agent.

Examples
sft config ssh.insecure_forward_agent host
sft config ssh.insecure_forward_agent none

SSH Agent

ssh_agent.enable

If set, the ScaleFT Client will use an SSH agent when authenticating.

Examples
sft config ssh_agent.enable true
sft config ssh_agent.enable false
ssh_agent.keys

The value is a JSON array of paths to SSH private keys to be loaded into the SHH agent. You can append values to it using the --append flag.

Examples
sft config ssh_agent.keys '["/Users/alice/.ssh/id_rsa"]'
sft config ssh_agent.keys --append /Users/alice/.ssh/id_rsa
sft config ssh_agent.keys '[]'

Tip: When writing a JSON literal in Windows PowerShell, escape inner quotes, as in: sft config ssh_agent.keys '[\"C:\\Users\\alice\\.ssh\\id_rsa\"]'

Service Auth

service_auth.enable

If set, the ScaleFT Client will support authentication for service users.

Learn more about Service Users

Examples
sft config service_auth.enable true
sft config service_auth.enable false

Update

update.release_channel

The ScaleFT Client defaults to the stable update channel, but you can opt into receiving our more-frequent releases by setting this configuration to the test update channel.

Examples
sft config update.release_channel test
sft config update.release_channel stable

Environment Variables

SFT_DEBUG

When set, any command run will print internal logs and timing messages to stderr

Example
SFT_DEBUG=1 sft list-servers