SSH applications

Secure shell (SSH) is a network protocol for operating network services securely over an unsecured network by providing a secure channel to connect an SSH client with an SSH server. Through the use of public-key cryptography pairs, better known as keys, SSH authenticates a remote computer and allows it to authenticate users with public-private key pairs.

In Enterprise Application Access (EAA), SSH enables remote developers to access applications from a browser without exposing the desktop on the Internet. SSH applications in Enterprise Application Access simplify key management because the private key of the pair lives on the connector and the administrator has the public key. The administrator can access an application without providing the public key to the user.

Configure and deploy a SSH application

Create an SSH application and configure it with settings that define how users interact with the remote application environment.

Enterprise Application Access supports both public-private key pairs and username and passphrase as modes of authentication for secure shell (SSH). SSH is more secure way to connect to any server that logging in with user name and password since both the public-private key pairs are needed for authenticating with the SSH server. Browser-based SSH applications in Enterprise Application Access currently support only RSA and DSA keys for key verification.

1. Add an SSH application. For instructions on creating an application, see Add an application to EAA. When you complete the step for selecting the application type, ensure that you select SSH.

2. In App Settings, configure the following:

   • Akamai Cloud Zone. Select a cloud zone located closest to the datacenter where your application resides.

   • SSH Username. Enter the user name used for authentication with the application. If it is provided, the application asks for a password at login. If it is not provided, the application asks for both a username and password at login.

   • SSH Passphrase. The passphrase is needed to decrypt the private key used in public key authentication. It is optional and is not needed if the private key does not require a paraphrase when you configured the SSH keys in your SSH server. But, if the private key requires a paraphrase and is not provided here, the user is prompted for it when connecting to the SSH server.

   • SSH Private Key. Paste the entire contents of the private key used for public key authentication. It should be in RSA Base64 PEM format and generated by OpenSSH ssh-keygen utility.

   • SSH Host Key. If you want the EAA connector to validate the origin server, enter a key for the SSH Host. If no key is provided, SSH host validation is not done. Multiple SSH host keys are not supported.

   • Disable clipboard functionality. Use this option to prevent users from copying information from a RDP session. Otherwise you can copy the information from the session window.

3. Select an External Host and enter the hostname for the application. Configure one of the following:

   • If you select Use Akamai domain, enter a URL, for example: https://ssh-autoserver.go.akamai-access.com. You don't need to configure certificates.

   • If you select Use your domain you need to specify certificate a for the domain and set up a CNAME redirect. See Add, edit, and delete certificates, Associate a certificate for using your own domain for your application and Set up a CNAME redirect for an application.

4. You can also configure optional application category.

5. To add connectors to the application go to Connectors.

   📘

   More than one connector is recommended for high-availability and load balancing.

6. Click Associate connector and select one or more connectors. Click Associate.
   To remove a connector, hover over it and click Disassociate.

   📘

   The connector should run to deploy the application.

   The associated connector appears in Connectors.

7. In Server Settings for Application server IP/FQDN. configure the following:

   1. In Protocol select ssh (default) for SSH traffic.

   2. In Host: Port enter a valid internal IP address for the server or the fully qualified domain name (FQDN) that you use to access this web server when inside your company's network. Also enter an IP port number.
      You see a DRAFT VERSION next to the application name, until you deploy the application.

8. To add authentication to the application in Authentication enable Authentication.

9. In Identity provider, select an identity provider from the list.

10. Click Assign Directory and select one or more directories from the list.

11. Click Associate.
    The directory appears in Assigned Directories.

12. To configure optional Services see Set up services for an application.

13. To configure optional Advanced settings, see Set up advanced settings for an application.

14. In History leave default configuration and click Save.
    Hover over the Deployment symbol, if all configurations are correct, Ready for Deployment appears.

15. Deploy the application.