Using SSH with ScaleFT can be as simple as
OpenSSH ProxyCommand is the recommended method of using SSH with ScaleFT. It involves only a little local SSH client configuration, and provides great convenience for normal SSH workflows.
This command will print an SSH configuration block for use in your local SSH configuration file (usually ~/.ssh/config). Just append the configuration to that file.
Once ~/.ssh/config is configured, the command sft login will open a ScaleFT session. This authorizes your SSH client to request credentials and query metadata from our server inventory.
In some environments, OpenSSH ProxyCommand is not available. Users in those circumstances can use the sft ssh command instead. The sft ssh command is also helpful when testing new configurations (such as bastions) in ScaleFT, since you can easily pass ScaleFT-specific arguments to it such as
To try it out, just run sft ssh <hostname>.
You can see a list of available servers with the command
In many environments, you cannot reach hosts directly, but instead must traverse a bastion or “gateway” host. With ScaleFT this is easy and secure.
ScaleFT transparently enables SSH best practices for traversing bastion hops securely. Your SSH client’s connection to the target host, as well as each intervening connection to each bastion, is end-to-end encrypted, end-to-end mutually authenticated, and authorized with ephemeral client certificates.
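The traversal pattern described above, written as plain OpenSSH client configuration. This is an added example, not configuration generated by ScaleFT; it reuses this page's web0.example.com and bastion.example.com hostnames and shows only the tunnelling through the bastion, not the ephemeral client certificates.

```sshconfig
# Added example: stock OpenSSH client settings, not ScaleFT-generated output.
# Hostnames are the ones used on this page.

# Pattern to avoid: log in to the bastion, then run ssh from there.
# The inner session then starts on the bastion, so it needs a private key
# stored there or a forwarded agent that root on the bastion can also use.
#
# Host bastion.example.com
#     ForwardAgent yes

# Preferred: the bastion only relays a TCP stream to the target.
Host bastion.example.com
    ForwardAgent no

Host web0.example.com
    # ssh opens a forwarded channel through the bastion and runs the SSH
    # handshake with web0 inside it, so key exchange, host key verification
    # and user authentication happen end to end between this client and
    # web0. The bastion sees only ciphertext for the inner session.
    ProxyJump bastion.example.com
    ForwardAgent no
    # Equivalent for clients older than OpenSSH 7.3, which lack ProxyJump:
    # ProxyCommand ssh -W %h:%p bastion.example.com
```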
You can add ad hoc bastion hops by adding the --via command line option to
Bastions can be configured to be used consistently with a simple agent configuration on the target host. When a bastion is specified in an agent’s YAML configuration file (i.e. Bastion: bastion.example.com), the bastion will always be used when users are connecting to that server.
With the same web0.example.com with a bastion configured as above, an SSH connection over the bastion is as simple as this: