Setting up the SSH Listener¶
This section describes how to setup SSH listener. To learn first steps of creating listener, please follow Creating a listener section.
Go to Settings tab and press the button in the Protocol field.
Select Legacy crypto option to allow negotiating older encryption algorithms when establishing connections.
Select the Case insensitivity option to disable case sensitivity in the username string when connecting over this listener.
Select ProxyJump option to allow an intermediary system to connect to the target server.
Select Announcement option to enable it’s field and type in the notification that will be presented to the user on the login screen.
In the Connection mode section, select desired connection mode.
Mode: bastion
Note
User connects to the target host by including name along with account login on the target server and target server address in the login string, e.g.
john_smith#root#192.168.0.110.For details on bastion connection mode, refer to Connection modes topic.
Select button in the Connection mode field.
Select the IP address from the Local address drop-down list and enter port number.
Note
The Local address drop-down list elements are IP address defined in the Network configuration menu (Network Interfaces Configuration) or labeled IP addresses (Labeled IP Addresses).
Selecting the
Anyoption will result in Fudo listening on all configured IP addresses.When a Listener is configured with User Access Gateway as the local address, only one connection option is displayed after login to User Access Gateway for clarity, and the connection uses the address from the browser’s address bar together with the listener’s configured port.
In case of cluster configuration, select a labeled IP address from the Local address drop-down list and make sure that other nodes have IP addresses assigned to this label. For more information refer to the Labeled IP Addresses topic.
Select External address option to enable its field and enter an IP address (or FQDN name) along with the port number, under which Fudo can be accessed from outside the local network.
Mode: proxy
Note
User connects to the target host by providing Fudo Enterprise IP address and port number which unambiguously identifies target host.
Select button in the Connection mode field.
Select the the IP address from the Local address drop-down list and enter port number.
Note
The Local address drop-down list elements are IP address defined in the Network configuration menu (Network Interfaces Configuration) or labeled IP addresses (Labeled IP Addresses).
Selecting the
Anyoption will result in Fudo listening on all configured IP addresses.When a Listener is configured with User Access Gateway as the local address, only one connection option is displayed after login to User Access Gateway for clarity, and the connection uses the address from the browser’s address bar together with the listener’s configured port.
In case of cluster configuration, select a labeled IP address from the Local address drop-down list and make sure that other nodes have IP addresses assigned to this label. For more information refer to the Labeled IP Addresses topic.
Select External address option to enable its field and enter an IP address (or FQDN name) along with the port number, under which Fudo can be accessed from outside the local network.
Mode: gateway
Deprecated since version 5.6
Fudo Enterprise 5.6 is the last version supporting gateway mode in the listeners configuration. Listeners using this mode must be reconfigured to use proxy and bastion modes before upgrading to the next release.
Fudo Enterprise 5.6 is the last version to support bridge interfaces and network interface cards with bypass mode. These components are tightly coupled with the transparent and gateway modes, which will also be removed in version 5.7. We recommend reviewing your network configuration to ensure compatibility with future versions.
Note
User connects to the target host by providing its actual IP address. Fudo Enterprise moderates the connection with the remote host using own IP address. This option requires deploying Fudo Enterprise in the bridge mode.
Select button in the Connection mode field.
Select the network interface used for handling connections over this listener.
Mode: transparent
Deprecated since version 5.6
Fudo Enterprise 5.6 is the last version supporting transparent mode in the listeners configuration. Listeners using this mode must be reconfigured to use proxy and bastion modes before upgrading to the next release.
Fudo Enterprise 5.6 is the last version to support bridge interfaces and network interface cards with bypass mode. These components are tightly coupled with the transparent and gateway modes, which will also be removed in version 5.7. We recommend reviewing your network configuration to ensure compatibility with future versions.
Note
User connects to the target host by providing its actual IP address. Fudo Enterprise moderates the connection with the remote host using user’s IP address. This option requires deploying Fudo Enterprise in the bridge mode.
Select button in the Connection mode field.
Select the network interface used for handling connections over this listener.
Mode: tunnel
Note
The user connects to the target server through an SSH tunnel.
Press the button in the Connection mode field.
From the Local address dropdown list, select an IP address and enter the port.
Note
The Keys field displays automatically generated SSH, TLS, and Standard RDP Security keys, as well as the TLS certificate required for “Tunnel”-type listener. You can also upload your own keys and certificate.
The Establishing Connections to Servers via SSH Tunnel in Fudo Enterprise section provides examples of how to establish such connections for selected protocols.
In the Fudo public key field, click to generate private/public key pair, or click to select file from local drive. If the key is secured with password, Fudo will prompt to provide passphrase before uploading it.
Click .
Related topics: