Secure Gateway

Some connection types support connecting through a Secure Gateway.

Usage of Secure Gateway

A Secure Gateway can be used to access computers through an SSH tunnel (port forwarding). Royal Server or an SSH server with tunneling support can be used.

Object Properties

The Secure Gateway Properties dialog is shown:

for a new Secure Gateway object by clicking the Secure Gateway command in the Add group on the Edit ribbon tab.
for an existing Secure Gateway objects by selecting a Secure Gateway object and clicking on the Properties command in the Edit group on the Home ribbon tab.
as a bulk-edit dialog when multiple Secure Gateway objects were selected in the Folder / Document Dashboard and the Properties command in the Edit group on the Home ribbon tab is clicked. See also: Bulk Operations

Secure Gateway Properties

The Secure Gateway page allows you to configure the computer name (IP address or FQDN) where the Secure Gateway (SSH server with tunneling support) is installed and running. Royal Server already includes a Secure Gateway component.

Display Name (required)

Enter a display name for object.

Color

Click the color picker button in the display name text box to select a color. In the User Interface settings you can configure to show the color in the navigation tree, the connection tab or as connection border.

Icon

Click the icon picker button next in the display name text box to select and assign a custom icon to the object.

Computer Name (required)

Enter the computer name or the IP address.

Tip

Click on the browse button (...) to open the Entry Editor dialog. The entry editor can be used to search for computers in your network.

Tip

You can specify multiple computer names (IP addresses) separated by semicolons for failover/fallback in case a server is not available.

Port

Specify the TCP port of the Secure Gateway (default port is 22).

Test

Click to test the Secure Gateway connectivity..

Description

Enter a description for the object.

Credentials

The Credentials page allows you to assign a credential to the object. You can specify username and password, assign a predefined credential or you specify a credential by name (ideal when you share your configuration). You can also use the credentials defined in the parent folder.

Do not use any credentials

When selected, no credentials are configured for the object. Connections that require credentials may prompt to enter credentials or fail to connect.

Use credentials from the parent folder (not always available)

When selected, Royal TS will look for a configured credential in the parent folder.

Note

Not available for Royal Server objects, Secure Gateway objects, Remote Desktop Gateway objects and Key Sequence Tasks

Use from this connection (not always available)

When selected, the username and password is used from the context connection object.

Specify username and password

When selected, a username and password can be provided. For domain accounts use the syntax "domain\username" (without the quotes).

Use an existing credential

When selected, assign an existing credential to the object using the drop-down list. Use the add button to add a new credential. Use the edit button to edit the selected credential.

Tip

The drop-down list supports sorting and filtering "as you type" to easily find the correct credential.

Specify a credential name

When selected, enter or choose a credential name you want to assign to the object during connect-time.
If you enter '?' (without the quotes) as credential name, Royal TS will prompt for credentials by showing the credential picker dialog.

Note

Assigning a credential by name is recommended when a team of users share the same configuration file. Each user can define his own credential as long as it is using the same name and saves the credential in his own personal and protected document. This makes sharing files across team members very easy while keeping credentials safe.

Omit Domain

When checked, Royal TS will omit the domain portion of the username (domain\username or username@domain).

Note

The Omit Domain checkbox is not available for all object types!

Automatic Logon

When checked, Royal TS will use the credentials to log on to the connection automatically. This setting applies only to connection types supporting automatic logon and is ignored if a connection doesn't support automatic logon.

Note

To access the configured credentials through replacement tokens (for example in Auto Fill or Key Sequence Task configurations), use the replacement tokens \(EffeciveUsername\) and \(EffectivePassword\).

Edit Source

Opens the properties dialog of the source object for the configuration. This button will only be available when the object is configured to use the parent configuration.

Security

The Security page allows you to adjust security settings and allowed algorithms.

General

Authentication Agent

Select the SSH authentication agent to use:

None
OpenSSH Agent
Pageant
Legacy Pageant

Note

Agent forwarding is currently not supported.

Fingerprint

Shows the fingerprint of the server.

Prefer Keyboard-Interactive Authentication

If checked, keyboard-interactive authentication is preferred over password authentication.

Note

You may need to enable this option when your servers requires multi-factor authentication (MFA).

Use Strict Key Exchange

Gets or sets a value indicating whether to enable strict key exchange extension (compatible with OpenSSH 9.6).

Ciphers

Use drag and drop, ALT + UP and ALT + DOWN keys or use the up and down buttons in the cipher header bar to reorder the list of algorithm. Checking/unchecking an algorithm will enable/disable it.

You can configure the following ciphers:

Encryption Key Algorithms
Host Key Algorithms
Key Exchange Algorithms
Mac Algorithms

Warning

Ciphers with a warning icon are considered weak (insecure).

Dependent Gateway

Multiple Secure Gateways can be used in series for nested tunneling. Specify the dependent Secure Gateway or Royal Server object for nested tunnneling.

Dependent Gateway

The Secure Gateway object to connect to before connecting to the current Secure Gateway.

Notes

The Notes page allows you to enter notes for the selected object with HTML formatting, links and embedded images. You can also configure the notes to be inherited from the parent folder.

Use Notes from the parent folder

When selected, Royal TS will display the notes from the parent folder in the notes panel. This option is not available on the document level.

Tip

To embed images, drag them into the editor using drag & drop.

Custom Properties

The Custom Properties page allows you to enter and store additional information for the object. Various data formats are available, including protected fields. You can also group properties by using Header.

Inherit from Parent

When checked, the properties configured on the parent folder are shown but are read-only.

Custom Properties

Use the '+' icon to add a header or a Field or multiple fields based on a template. Click on the label to name the field and enter a value. Click the 'Gear' icon to remove a field or header. The 'Gear' icon also shows additional options, like moving a field up or down.

Custom Fields

The Custom Fields page allows you to enter and store additional information for the object. Custom fields can be used in tasks and templates to inject values from the context connection.

Standard custom fields are also shown in the folder dashboard views and in the properties panel. Protected custom fields can be used to store confidential data (for example when you need an additional password in a task). If you make use of protected custom fields, make sure you encrypt and password protect your document.

Note

Custom fields can be used in Tasks and in the Properties Panel. You can put web page URLs (like an iLO management address) or command lines (such as programs or batch files) in the custom fields and execute them using tasks or directly from the properties panel. Each individual custom field can also be configured to be inherited from the parent folder.

Parent Folder

The Parent Folder page allows you to view or change the parent folder of the selected object. To move multiple objects to another folder use the parent folder page in bulk-edit mode or use the move to command from the Edit tab (see Working with Connections).

Important

You cannot create connections in the Application document. Moving a folder containing connections to a folder in the Application document will fail.