Addigy Live Terminal provides a simple and easy way to run an interactive terminal to a remote device that is behind a protected network without requiring any network changes.
This feature provides a more robust and familiar terminal interface than the legacy Terminal option available currently in Addigy without compromising on simplicity.
IMPORTANT NOTE: The Addigy Live Terminal user will have access to sudo without the use of a password across devices that have this integration enabled. This is similar to the root access that the legacy Addigy terminal provides with some notable improvements. It will do this by adding a Hidden Admin User.
The Addigy Live Terminal integration consists of an encrypted tunnel connection created through a direct SSH session. Because of the tunneling methods used, ATL provides a fast, direct connection to the device.
- Live command responses
- No infrastructure or firewall changes needed
- Familiar terminal interface
- Tab completion
- Keyboard interrupts
- Support for continuous commands (tail -f, top, etc.)
- Native text editors (nano, vim, etc.)
- Instant terminal access
- Password-less login
- Password-less sudo
- Multiple sessions on same or different machines
- Multiple SSH windows
- Cloud-based for quick access anywhere
Since Addigy Live Terminal provides the highest level of console access to your Mac devices, we heavily prioritized the security of its design.
These are some of the security mechanisms put in place to ensure security integrity of Addigy Live Terminal and its tunneled sessions:
- An encrypted public/private key pair is generated for each session that is removed at the expiration of the session.
- The session is validated using the client’s and agent’s Addigy credentials to verify that they are on authorized Addigy machines.
- A secondary public and private secret are passed to the server and agent to be verified upon establishing a connection.
- An AddigySSH user is hidden from all UI options and home directories so the user is essentially a ghost and will not disturb any other users on the agent. (home directory is located at /var/AddigySSH)
- A random 32 character UUID4 is generated as the password during the creation of the AddigySSH user ensuring no password is the same from device to device and will be extremely secure.
- The AddigySSH user is added as a sudoer in the /private/etc/sudoers.d/AddigySSH-perm file, which is pointed to from the /etc/sudoers file in order to ensure that the file is not modified in any way.
Enabling Addigy Live Terminal
- Enable the Addigy Live Terminal Integration on the Support -> Integrations.
- Once enabled globally, Live Terminal can be disabled for select policies on the Policies -> Integrations section. It should be noted that the parent policy supercedes the setting of the child policy. If Live Terminal is enabled in the parent policy, Live Terminal will be enabled in all children, even if Live Terminal is disabled in the child policy.
- AddigySSH will not be enabled on a device until it has run through its policy instructions. To immediately queue the policy instructions, go to Policies -> Deploy Changes and select Deploy Now.
- Launch the SSH Terminal from GoLive -> Terminal.
Trouble Shooting Addigy Live Terminal
In the event that Live terminal is unresponsive or failing to load, please see our article Addigy Live Terminal Not Loading.
Upcoming Additions to Addigy Live Terminal
- Specify session expiration time (default is 2 hours)
- Color theme options
- Command history and session logging on the Events page