Creating a TCP/IP Application Session

In addition to RDP and SSH, SSHepherd^® can also protect your TCP/IP applications.  It does this by running the application through localhost and connecting to it from the Control App or shepctl CLI.

To help with the configuration settings, we have documented just a few of the applications, web servers, and database configuration settings that can be protected by SSHepherd.  Contact us if there are other application configurations that you would like us to provide.

Whitelist your TCP/IP Application port on the SSHepherd Agent/Host

From your Host with the SSHepherd^® Agent installed, run the following command to whitelist your application port (replace the port number with the port number specific to your application:

shepagent add-whitelist --port 80

You should see confirmation that the port was added to the whitelist, and all whitelisted ports will be displayed. Once you have finished editing the whitelist, you will need to restart your agent before the changes will be effective.

Creating a secure tunnel using SSHepherd^® CLI

From your computer with the Control app/shepctl CLI installed, run the following command:

shepctl --hostname ip-172-31-20-229 --sshuser ubuntu --relayport 80 tunnel

In this example, the TCP/IP application is a web app, so after we’ve created our tunnel we can access the application from a web browser using localhost and the random port assigned by shepctl (http://127.0.0.1:24183). You can also configure shepctl to use a defined port.

Creating a secure tunnel using SSHepherd^® control CLI and a defined port

SSHepherd^® can also be configured to create a tunnel using a specific port. In order to do this, run the same command as above, with the addition of the –port argument.

shepctl --hostname ip-172-31-20-229 --sshuser ubuntu --relayport 80 tunnel --port 9999

You will now have access to your TCP/IP application using the port you specified. localhost:9999

Creating a secure tunnel using SSHepherd^® Control App

1. Launch the SSHepherd^® Control App.
2. Click the ‘+’ icon to bring up the ‘Configure Tunnel’ window.
3. Select a Host. This field contains a list of all Hosts you have been granted access to.
4. Select the Type. This field is the connection type for the session. Choose Other App from the list.
5. Tunnel Name. This field allows you to give the tunnel a descriptive name.
6. Local Port. By default, this option is set to ‘Automatic’ and will select a random port for you. The other option allows you to manually set a port for this tunnel.
7. Relay Port. This field is for the port your application is configured to use. It is also the port that you have whitelisted in the SSHepherd^® agent configuration file.
8. Save the Tunnel.

9. Click the toggle switch for the tunnel you just created to establish the SSHepherd^® tunnel.
10. You now have a secure tunnel open on localhost port 9999.