Addigy LiveTerminal Integration v2.0 provides a new and improved interactive terminal. It is a more performant and more secure terminal option, currently available in Addigy, that does not compromise on simplicity.
Addigy LiveTerminal v2.0 has the following new functionality:
- Improved Performance
  - Improved connection handling for running multiple sessions.
- Improved Security
  - Larger encryption keys have been implemented; this may cause the session to take a bit longer to initiate.
  - You can no longer refresh a session; each session is valid for one use only.
  - We now use a dedicated service URL (listed below).
- New binary implemented (/Library/Addigy/pstunnel)
- New service URL (https://pstunnel-prod.addigy.com/)
- New interface URL (https://liveterminal.addigy.com/)
- Feedback option (Allows you to submit feedback on the new LiveTerminal)
- Customization of Session Duration
- Customization of "Terminal Themes"
- Improved Feedback Collection Process
IMPORTANT NOTE: The Addigy LiveTerminal user will have access to sudo without the use of a password across devices that have this integration enabled. This is similar to the root access that the legacy Addigy terminal provides, with some notable improvements. It does this by adding a hidden admin user.
The Addigy LiveTerminal integration consists of an encrypted tunnel connection created through a direct SSH session. Because of the tunneling methods used, LiveTerminal provides a fast, direct connection to the device.
- Live command responses
- No infrastructure or firewall changes needed
- Familiar terminal interface
- Tab completion
- Keyboard interrupts
- Support for continuous commands (tail -f, top, etc.)
- Native text editors (nano, vim, etc.)
- Instant terminal access
- Password-less login
- Password-less sudo
- Multiple sessions on same or different machines
- Multiple SSH windows
- Cloud-based for quick access anywhere
Since Addigy LiveTerminal provides the highest level of console access to your Mac devices, we heavily prioritized the security of its design.
These are some of the security mechanisms put in place to ensure the security/integrity of Addigy LiveTerminal and its tunneled sessions:
- An encrypted public/private key pair is generated for each session and is removed when the session expires.
- The session is validated using the client’s and agent’s Addigy credentials to verify that they are on authorized Addigy machines.
- A secondary public and private secret are passed to the server and agent to be verified upon establishing a connection.
- An AddigySSH user is hidden from all UI options and home directories, so the user is essentially a ghost and will not disturb any other users on the agent. (The home directory is located at /var/AddigySSH.)
- A random 32-character UUID4 is generated as the password when the AddigySSH user is created, so that no password is the same from device to device and each one is extremely secure.
- The AddigySSH user is added as a sudoer in the /private/etc/sudoers.d/AddigySSH-perm file, which is pointed to from the /etc/sudoers file in order to ensure that the file is not modified in any way.
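For anyone auditing a device with this integration enabled, the following added example (not Addigy's code) scans a sudoers drop-in directory such as /private/etc/sudoers.d and reports password-less grants that belong to anyone other than the expected AddigySSH user, plus drop-ins that are group- or world-writable. The rule text in the sample files is an assumption, since the contents of AddigySSH-perm are not shown here, and line continuations are not handled.

```sh
#!/bin/sh
# Added example (not Addigy code): audit a sudoers drop-in directory for
# password-less sudo. Prints findings; returns 1 if any, 0 if clean.
# Usage: audit_nopasswd DIR EXPECTED_USER
audit_nopasswd() {
    dir=$1; expected=$2; findings=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # sudo skips drop-ins whose name contains "." or ends in "~"
        case ${f##*/} in *.*|*~) continue ;; esac
        # A group- or world-writable drop-in lets non-root users edit the grant
        if [ -n "$(find "$f" \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "WRITABLE $f"; findings=1
        fi
        # Field 1 of a user specification is the user, %group or alias
        awk -v want="$expected" -v file="$f" '
            /^[ \t]*#/ || /^[ \t]*$/ { next }
            /NOPASSWD/ && $1 != want {
                printf "UNEXPECTED %s:%d %s\n", file, NR, $1; bad = 1
            }
            END { exit bad }
        ' "$f" || findings=1
    done
    return $findings
}

# Constructed sample data; the real contents of AddigySSH-perm are assumed.
demo=$(mktemp -d)
printf 'AddigySSH ALL=(ALL) NOPASSWD: ALL\n' > "$demo/AddigySSH-perm"
printf '# constructed stray grant\nbuilduser ALL=(ALL) NOPASSWD: ALL\n' > "$demo/ci-helper"
chmod 0440 "$demo/AddigySSH-perm" "$demo/ci-helper"
audit_nopasswd "$demo" AddigySSH || echo "review the findings above"
rm -rf "$demo"
```

On a managed Mac, the same function can be run as root against the real directory: `audit_nopasswd /private/etc/sudoers.d AddigySSH`.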
Enabling Addigy LiveTerminal
Enable the Addigy Live Terminal Integration under Account -> Integrations.
Once enabled globally, Live Terminal can be disabled for select policies in the Policies -> Integrations section. Note that the parent policy supersedes the setting of the child policy: if Live Terminal is enabled in the parent policy, Live Terminal will be enabled in all children, even if Live Terminal is disabled in the child policy.
AddigySSH will not be enabled on a device until it has run through its policy instructions. To immediately queue the policy instructions, go to Policies -> Deploy Changes and select Deploy Now.
Launch the New LiveTerminal from Devices Page -> New LiveTerminal or GoLive -> New LiveTerminal.
Troubleshooting Addigy LiveTerminal
In the event that Live Terminal is unresponsive or failing to load, please see our article Addigy LiveTerminal Not Loading.