Desktop Application
Introduction
The Desktop Application is designed to work across Windows and macOS. It enables access to various targets using native clients such as database clients, SSH terminals, or RDP software.
Who should benefit from using this application?
- IT Administrators & DevOps Teams
- Security Professionals
- Developers & Engineers
NOTE: The Desktop Application is currently in its Beta phase.
Pre-Requisite
Supported OS:
- Windows
- macOS Ventura / Monterey / Big Sur
Installation Guide
Download the respective Desktop Application installation file from here
Windows Installation
- Open Windows command line as an Administrator and generate Private & Public SSH keys locally. You can use the following command: `ssh-keygen -t rsa`. This will create an `.ssh` folder with the respective `id_rsa` and `id_rsa.pub` files.
- Run the .exe file and follow the setup wizard.
- Grant necessary permissions if prompted
The Desktop Application will be installed at \Users\<username>\AppData\Roaming\Akeyless-desktop
- Launch the application
macOS Installation
- After downloading the appropriate installer file, locate it in your `Downloads` folder or the directory you specified.
- Open it and drag the Akeyless Remote Access app to the Applications folder.
- Grant required permissions in System Preferences → Security & Privacy.
The Desktop Application will be installed at: \Users\<username>\Library\Application Support\Akeyless-Desktop
- Open the app and sign in with your Akeyless credentials.
Info
The installation folder contains the following:
- config.json - the configuration file (includes the basic configuration parameters required to launch the desktop application). This file can be deployed by the Admin across the organization
- Logs - can be found at \Akeyless-desktop\logs
How it works?
- The Desktop Application retrieves connection details from the target item (e.g., MY-MSSQL-connection) and initiates a connection.
- It uses the Akeyless CLI to establish a tunnel, leveraging the SSH certificate configured in the Defaults Configuration window
Important
If you don't have an SSH certificate yet, please follow this guide on creating an SSH Cert issuer with Akeyless and set your `CAPublicKey` in the `values` file. You will also need to enable Secure Remote Access on the SSH Cert Issuer either in the UI or by adding the `--secure-access-enable true` flag to your CLI command. Lastly, ensure that the `Akeyless` user is added to the list of `Allowed User(s)` in the SSH-CERT-Issuer item.
- Upon successfully connecting to the remote target, the Desktop Application launches the default application configured for this resource type.
Note
Applications such as Azure Data Studio, WindowsApp, DBeaver, Putty, WinSCP, or others should already be installed on the local machine where the Desktop Application is installed.
Configuration & First-Time Setup
- Log in to the Desktop Application (using SAML, OIDC, Certificate, Access Key, etc.).
You should be able to see a list of the resources you can connect to, depending on your permissions. If you wish to add / remove targets from the list, you should update your permissions accordingly.
- Application Mapping - In order to connect to remote resources, the user should map them to applications. When using a mapped application, the Desktop Application launches the native application and securely initiates the connection.
- Listed below are the native clients that are supported by the Desktop Application:
Operating System | Resource | Application Type | Comments |
---|---|---|---|
Windows | MSSQL Server | Azure Data Studio | |
Windows | RDP | Remote Desktop | |
Windows | Postgres DB | DBeaver | |
Windows | SSH Cert Issuer | Putty | WinSCP should be installed as well |
Windows | SSH username & password | Putty | Specify Port 2022 |
Windows | SSH File Transfer | WinSCP | |
Windows | Powershell | Putty | PS Tag should be configured on the secret item |
Windows | Direct Connection / Secure Remote Access | Default Browser | |
MacOS | MSSQL Server | Azure Data Studio | |
MacOS | Postgres DB | DBeaver | |
MacOS | RDP | WindowsApp | |
MacOS | SSH Cert Issuer | OpenSSH Client | |
MacOS | SSH username & password | OpenSSH Client | |
MacOS | Direct Connection / Secure Remote Access | Default Browser | |
MacOS | SSH File Transfer | N/A | Currently not supported with Native Clients |
Multiple Hosts / Linked Targets
The Desktop Application supports the use of multiple hosts / linked targets. You can easily add / remove hosts you wish to connect to and press on `Confirm`.
NOTE - Removing a host from the list only removes it from the list of hosts in the Desktop Application.
- Configure the Defaults Configuration - When connecting to a remote target, the Desktop Application fetches the required parameters from the resource item (aka, the target you wish to connect to). If this information is not accessible to the desktop application, it will use the information configured in the Advanced Configuration.
- Web Application Dispatcher & Web Proxy URL - Should be provided if working with Zero trust Web Access solution (ZTWA)
- Secure SSH Access Address - This is the path & port for SSH deployment (my.SSH.address)
- SSH Certificate Issuer - This is the name of the SSH Certificate Issuer the Akeyless CLI will use to initiate the connection
- Control API Port - the control API port (as https://gateway-host:<8000>)
- Control API Path - the SRA control API path (for example, :9900 or /sra/ssh-config)