LiveTerminal is an integration that provides a simple and easy way to run an interactive terminal on a remote device that is behind a protected network.
IMPORTANT NOTE: The Addigy LiveTerminal user will have access to sudo without the use of a password across devices that have this integration enabled. It will do this by adding a Hidden Admin User.
If you are having issues with the LiveTerminal integration, please consult the following article:
FAQ: Troubleshooting Addigy LiveTerminal
Directory:
- Features
- Security Features
- Enabling LiveTerminal
- Starting a LiveTerminal Session
- Additional Information
Features
The Addigy LiveTerminal integration consists of an encrypted tunnel connection created through a direct SSH session. Because of the tunneling methods used, Addigy LiveTerminal provides a fast, direct connection to the device.
- Live command responses
- No infrastructure or firewall changes needed
- Tab completion
- Keyboard interrupts
- Support for continuous commands (tail -f, top, etc.)
- Native text editors (nano, vim, etc.)
- Instant terminal access
- Password-less login
- Password-less sudo
- Multiple sessions on same or different machines
- Multiple SSH windows
- Cloud-based for quick access anywhere
Security Features
Since LiveTerminal provides the highest level of console access to your Mac devices, we heavily prioritized the security of its design.
These are some of the security mechanisms put in place to ensure the security and integrity of LiveTerminal and its tunneled sessions:
- An encrypted public/private key pair is generated for each session that is removed at the expiration of the session.
- The session is validated using the client’s and agent’s Addigy credentials to verify that they are on authorized Addigy machines.
- A secondary public and private secret are passed to the server and agent to be verified upon establishing a connection.
- An AddigySSH user is hidden from all UI options and home directories so the user is essentially a ghost and will not disturb any other users on the agent (the home directory is located at /var/AddigySSH).
- A random 32 character UUID4 is generated as the password during the creation of the AddigySSH user ensuring no password is the same from device to device and will be extremely secure.
- The AddigySSH user is added as a sudoer in the /private/etc/sudoers.d/AddigySSH-perm file, which is pointed to from the /etc/sudoers file in order to ensure that the file is not modified in any way.
Enabling LiveTerminal
Addigy's LiveTerminal integration allows Addigy users to initiate a Terminal session on devices remotely. For an overview of LiveTerminal, see our article What Is Addigy LiveTerminal?
Note: AddigySSH will not be enabled on a device until it has run through its policy instructions. To immediately queue the policy instructions, go to select Deploy Now at the top right of the policy.
Enabling LiveTerminal Globally
- In Account >> Integrations, select the LiveTerminal tile:
- In the modal window that opens, toggle the integration to enable it. LiveTerminal will be enabled in all policies:
Managing LiveTerminal within Policies
Once enabled globally, LiveTerminal can be disabled and enabled for select policies.
- Navigate to a policy > Settings > Remote Control:
Note: The parent policy supersedes the settings of the child policy. If LiveTerminal is enabled in the parent policy, LiveTerminal will be enabled in all children, even if LiveTerminal is disabled in the child policy.
Starting a LiveTerminal Session
Launching a LiveTerminal Session from the Devices Page
- On the Devices page, select the dropdown next to a device and select the LiveTerminal link.
- Specify a time limit and select Start Session. A LiveTerminal session will open in a new tab.
Launching a LiveTerminal Session from GoLive
- On a device's GoLive page, select the LiveTerminal tab.
- Specify a time limit and select Start Session. A LiveTerminal session will launch in the terminal below.
Additional Information
Please see the following articles for Additional information on LiveTerminal: