target

Usages :

passhport-admin target list
passhport-admin target search [<pattern>]
passhport-admin target checkaccess [<pattern>]
passhport-admin target show [<name>]
passhport-admin target create [((<name> <hostname>) [--login=<login>] [--type=<ssh>] [--comment=<comment>] [--sshoptions=<sshoptions>] [--port=<port>])]
passhport-admin target edit [(<name> [--newname=<name>] [--newhostname=<hostname>] [--newlogin=<login>] [--newcomment=<comment>] [--newsshoptions=<sshoptions>] [--newport=<port>])]
passhport-admin target (adduser | rmuser) [(<username> <targetname>)]
passhport-admin target (addusergroup | rmusergroup) [(<usergroupname> <targetname>)]
passhport-admin target delete [([-f | --force] <name>)]

list

passhport-admin target list show all the configured targets.

Example :

admin@bastion:~$ passhport-admin target list
srv1.compagny.com
srv2.compagny.com
srv3.compagny.com
websrv.ext.client.com
webbackend.ext.client.com
admin@bastion:~$

checkaccess

passhport-admin target checkaccess [<PATTERN>] verifies that PaSSHport has access to the all targets that correspond to the given pattern.

Example :

admin@bastion:~$ passhport-admin target checkaccess web
OK:    132.123.45.67   websrv.ext.client.com
OK:    132.234.56.78   webbackend.ext.client.com
admin@bastion:~$

If no pattern is given, user enters in interactive mode.

Example :

admin@bastion:~$ passhport-admin target checkaccess
Pattern: web
OK:    132.123.45.67   websrv.ext.client.com
OK:    132.234.56.78   webbackend.ext.client.com
admin@bastion:~$

show

passhport-admin target show <NAME> shows informations about the target <NAME>.

Example :

admin@bastion:~$ passhport-admin target show websrv.ext.client.com
Name: websrv.ext.client.com
Hostname: 132.123.45.67
Server Type : ssh
Login: root
Port: 22
SSH options:
Comment:
Attached users:
Usergroup list:
Users who can access this target: admin1@compagny.com admin2@compagny.com
All usergroups:
Member of the following targetgroups: all-targets
admin@bastion:~$

If no pattern is given, user enters in interactive mode.

Example :

admin@bastion:~$ passhport-admin target show
Name: websrv.ext.client.com
Name: websrv.ext.client.com
Hostname: 132.123.45.67
Server Type : ssh
Login: root
Port: 22
SSH options:
Comment:
Attached users:
Usergroup list:
Users who can access this target: admin1@compagny.com admin2@compagny.com
All usergroups:
Member of the following targetgroups: all-targets
admin@bastion:~$

create

passhport-admin target create [((<name> <hostname>) [--login=<login>] [--type=<ssh>] [--comment=<comment>] [--sshoptions=<sshoptions>] [--port=<port>])] creates a new target.

Argument Description
<name> Name of the target to create
hostname Hostname or IP of the target
--login Login to use when accessing the target (optional)
--type The type of the target (for the commercial version only). It can be ssh, postgresql, mysql, oracle.<br/> This is used to know which hook to launch, depending on the server<br/> type. If type is something else than ssh, the server won't be <br/> accessible via SSH. If the target is a PostGreSQL server and you <br/> want to launch the corresponding hook (usually a proxy to log user <br/> actions, use postgresql type). Same explanations for mysql and <br/> oracle.<br/> Use the default ssh, unless you have the commercial version.<br/>
--comment Comment concerning the target (optional)
--sshoptions SSH options to use when connecting to the target (optional)
--port SSH port to use when connecting to the target (optional)

Example :

admin@bastion:~# passhport-admin target create firewall.compagny.com 87.65.43.219 --login=root --comment="Client 1 web server number 1"
OK: "firewall.compagny.com" -> created
admin@bastion:~#

If no argument is given, user enters in interactive mode.

Example :

admin@bastion:~# passhport-admin target create
Name: firewall2.compagny.com
Hostname: 87.65.43.220
Type (default is ssh):
Login (default is root):
Port: 22
SSH Options:
Comment: Client 1 FireWall 2 (Cisco)
OK: "firewall1.compagny.com" -> created
admin@bastion:~#

Once the target is created, you should add a passhport ssh public key to the target and use "checkaccess" to verify everything is ok.

edit

passhport-admin target edit [(<name> [--newname=<name>] [--newhostname=<hostname>] [--newtype=<ssh>] [--newlogin=<login>] [--newcomment=<comment>] [--newsshoptions=<sshoptions>] [--newport=<port>])] edits an existing target.

Argument Description
<name> Name of the target to edit
--newname New name of the target if you want to rename it (optional)
--newhostname New hostname/IP of the target (optional)
--newtype The type of the target (for the commercial version only). It can be ssh, postgresql, mysql, oracle.<br/> This is used to know which hook to launch, depending on the server<br/> type. If type is something else than ssh, the server won't be <br/> accessible via SSH. If the target is a PostGreSQL server and you <br/> want to lauch the corresponding hook (usually a proxy to log user <br/> actions, use postgresql type). Same explanations for mysql and <br/> oracle.<br/> Use the default ssh, unless you have the commercial version.<br/>
--newlogin New login to use when accessing the target (optional)
--newcomment New comment concerning the target (optional)
--newsshoptions New SSH options to use when connecting to the target (optional)
--newport New SSH port to use when connecting to the target (optional)

Example :

admin@bastion:~# passhport-admin target edit firewall.compagny.com --newname=firewall1.compagny.com --newcomment="Client 1 FireWall 1 (Cisco)" --newlogin="admin"
OK: "firewall.compagny.com" -> edited
admin@bastion:~#

If no argument is given, user enters in interactive mode. It firsts shows all parameters of the target, then displays each parameters for a change. User can keep any previous configured parameter, just by typing "Enter". They only exception is the comment. If user wants to remove the comment, he just type "Enter", and will then be asked if the original comment should be removed or not.

Example :

admin@bastion:~# passhport-admin target edit
Name of the target you want to modify: firewall2.compagny.com
Name: firewall2.compagny.com
Hostname: 87.65.43.220
Server Type : ssh
Login: root
Port: 22
SSH options:
Comment: Client 1 FireWall 2 (Cisco)
Attached users:
Usergroup list:
Users who can access this target:
All usergroups:
Member of the following targetgroups:
New name:
New hostname:
New Login: admin
New port:
New SSH options:
New comment:
Remove original comment? [y/N]N
OK: "firewall2.compagny.com" -> edited
admin@bastion:~#

As you can see above, we only changed the "New Login" entry. If an entry is simply replied with "enter", it keeps the previous value.

adduser

passhport-admin target adduser [(<username> <targetname>)] connects a target directly to a user.

Argument Description
<username> Name of the user to connect to the target
<targetname> Name of the target on which to connect the user

Example :

admin@bastion:~# passhport-admin target adduser admin1@compagny.com firewall1.compagny.com
OK: "admin1@compagny.com" added to "firewall1.compagny.com"
admin@bastion:~#

If no argument is given, user enters in interactive mode.

Example :

admin@bastion:~# passhport-admin target adduser
Username: admin2@compagny.com
Targetname: firewall2.compagny.com
OK: "admin2@compagny.com" added to "firewall2.compagny.com"
admin@bastion:~#

rmuser

passhport-admin target rmuser [(<username> <targetname>)] deletes the direct connection between a target and a user.

Argument Description
<username> Name of the user to disconnect to the target
<targetname> Name of the target on which to disconnect the user

Example :

admin@bastion:~# passhport-admin target rmuser admin1@compagny.com firewall1.compagny.com
OK: "admin1@compagny.com" removed from "firewall1.compagny.com"
admin@bastion:~#

If no argument is given, user enters in interactive mode.

Example :

admin@bastion:~# passhport-admin target rmuser
Username: admin2@compagny.com
Targetname: firewall2.compagny.com
OK: "admin2@compagny.com" removed from "firewall2.compagny.com"
admin@bastion:~#

addusergroup

passhport-admin target addusergroup [(<usergroupname> <targetname>)] connects a target directly to a usergroup.

Argument Description
<usergroupname> Name of the usergroup to connect to the target
<targetname> Name of the target on which to connect the usergroup

Example :

admin@bastion:~# passhport-admin target addusergroup firewall-admins firewall1.compagny.com
OK: "firewall-admins" added to "firewall1.compagny.com"
admin@bastion:~#

If no argument is given, user enters in interactive mode.

Example :

admin@bastion:~# passhport-admin target addusergroup
Usergroupname: firewall-admins
Targetname: firewall2.compagny.com
OK: "firewall-admins" added to "firewall2.compagny.com"
admin@bastion:~#

rmusergroup

passhport-admin target delusergroup [(<usergroupname> <targetname>)] delete the connection between a target and a usergroup.

Argument Description
<usergroupname> Name of the usergroup to disconnect to the target
<targetname> Name of the target on which to disconnect the usergroup

Example :

admin@bastion:~# passhport-admin target addusergroup firewall-admins firewall1.compagny.com
OK: "firewall-admins" added to "firewall1.compagny.com"
admin@bastion:~#

If no argument is given, user enters in interactive mode.

Example :

admin@bastion:~# passhport-admin target addusergroup
Usergroupname: firewall-admins
Targetname: firewall2.compagny.com
OK: "firewall-admins" added to "firewall2.compagny.com"
admin@bastion:~#

delete

passhport-admin target delete [([-f | --force] <name>)] delete a target.

Argument Description
<name> Name of the target to delete
-f or --force If used, user won't be prompt for confirmation

Example :

admin@bastion:~# passhport-admin target delete firewall1.compagny.com
Name: firewall1.compagny.com
Hostname: firewall1.compagny.com
Server Type : ssh
Login: admin
Port: 22
SSH options:
Comment: Client 1 FireWall 1 (Cisco)
Attached users:
Usergroup list: firewall-admins
Users who can access this target:
All usergroups: firewall-admins
Member of the following targetgroups:
Are you sure you want to delete firewall1.compagny.com? [y/N] y
OK: "firewall1.compagny.com" -> deleted
admin@bastion:~#

If no argument is given, user enters in interactive mode.

Example :

admin@bastion:~# passhport-admin target delete
Name: firewall2.compagny.com
Name: firewall2.compagny.com
Hostname: 87.65.43.220
Server Type : ssh
Login: admin
Port: 22
SSH options:
Comment: Client 1 FireWall 2 (Cisco)
Attached users:
Usergroup list: firewall-admins network-admins
Users who can access this target:
All usergroups: firewall-admins network-admins
Member of the following targetgroups:
Are you sure you want to delete firewall2.compagny.com? [y/N] y
OK: "firewall2.compagny.com" -> deleted
admin@bastion:~#