Adding a SSH Zero Trust Application

Prerequisite

Make sure you have the credentials to access the application over SSH.

To add an SSH Zero trust Application:

1. Access the Harmony SASE Administrator Portal and click Private Access > Applications.

2. Click Add Application.

   

   The Add application window appears.

   

3. In the General Settings section, enter these:

   1. Application Name - Name of the application.

   2. Protocol - SSH

   3. Icon - Icon for the application.

   4. Host - Internal IP address of the server to which you want to connect.

   5. Port - 22

   6. Network - Network that hosts the application.

   7. (Optional) Display Application Icon at Login Screen - Displays the application icon for the member in the login page.

   8. (Optional) URL Alias - URL for members to access the application.

      Important - You cannot add a URL alias after you create the application.

      

   9. In the External Domain (CNAME) field, enter a CNAME associated with your domain.

   10. From the SSL Certificate list, select the application domain SSL certificate uploaded in Certificate Manager.

   11. Go to your DNS administrator (for example, GoDaddy or R53 in AWS).

       Under your domain, use the CMANE specified in the previous step and point it to the application FQDN. The FQDN appears in the application settings after you click Apply.

       

4. In the Authentication section, select the Authentication type:

   
   

   • For Username/Password, enter the username and password as predefined on the server.

   • For Private Key/Username/Passphrase, enter these:

     1. Username: Username predefined on the server.

     2. Private Key: Your RSA-SSH key. Note that a certificate typically starts with a prefix and a suffix such as the following:

        -----BEGIN RSA PRIVATE KEY-----

        -----END RSA PRIVATE KEY-----

     3. Passphrase: The passphrase set with SSH key. If there is no passphrase, leave as blank.

   Note - If you disable Authentication, then the member must enter the credentials when accessing the machine.

5. In the Access Groups and Members section, in the Groups and Members list, select the member groups that can access the application.

   

6. (Recommended) In the Policy Name list, select an application policy.

7. Click Apply.

   The system lists the application in the Applications page and enables it by default.

   

8. For members to access the application, see Accessing an Application by a Member.