SSH setup

SSH is a secure shell that allows direct access to the command prompt. With the proper configuration, you can use SSH to connect to servers enrolled in Okta Privileged Access by entering the command ssh <hostname>

Use ProxyCommand with Okta Privileged Access

OpenSSH ProxyCommand is the recommended method of using SSH with Okta Privileged Access. It requires configuring the local SSH client, which then lets you use normal SSH workflows with Okta Privileged Access.

To configure the SSH client, run sft ssh-config

This command outputs an SSH configuration block. Append this block to your SSH configuration file (usually ~/.ssh/config). You can append the configuration to your file in one step by using the command sft ssh-config >> ~/.ssh/config

Now running sft login opens an Okta Privileged Access session. This authorizes your SSH client to request credentials and query metadata from the Okta Privileged Access server inventory.

Okta Privileged Access may encounter issues when using ProxyCommand on Windows devices if the client is installed in a directory that includes a space in the name. This happens if the client was installed system-wide, or installed by a user with a space in their username.

To resolve this issue, edit the .ssh/config file to include the 8.3 formatted path where the client is installed. For example if the client was installed at C:\Program Files (x86)\Scaleft\sft.exe, users would add C:\PROGRA~2\ScaleFT\sft.exe to .ssh/config file. Users can identify the 8.3 directory name with the dir /x command.

Use sft ssh

In environments where OpenSSH ProxyCommand isn't available, use sft ssh instead. This command can be helpful when testing new configurations in Okta Privileged Access, since you can easily pass Okta Privileged Access-specific arguments to it, such as --via

You can connect to a server by running sft ssh <hostname>. For example, to connect to, use the command sft ssh

You can see a list of available servers by running the command sft list-servers

Related topics

Customize SSHD configurations for servers

Okta Privileged Access clients