In version 7 of Passwordstate, we have introduced a new feature called the Remote Session Launcher. This feature allows you to perform RDP, SSH, Telnet or VNC remote session connections directly from the Passwordstate web site, without having to manually enter any authentication credentials. This post will detail the system requirements, installation instructions and usage information for this feature.
Overview & System Requirements
The Passwordstate Remote Session Launcher allows you to perform RDP, SSH, Telnet or VNC remote session connections directly from the Passwordstate web site, without having to manually enter any authentication credentials.
To use the Remote Session Launcher feature, you must be using a Windows Desktop/PC, and have PowerShell 3.0 or above installed.
During the installation, the PowerShell script ‘PSLauncher.ps1’ will be installed to the destination directory, allowing you to customise this script if required. Putty and VNCViewer are also installed to this path as well.
Also during the install, 4 custom new protocols will be added to your registry, which are:
- HKEY_CLASSES_ROOT\psrdp (for RDP sessions)
- HKEY_CLASSES_ROOT\psssh (for SSH sessions)
- HKEY_CLASSES_ROOT\pstln (for Telnet sessions)
- HKEY_CLASSES_ROOT\psvnc (for VNC sessions)
These custom protocols allows to execution of the PSLauncher.exe utility directly from within your Browser.
Once the Remote Session Launcher utility is installed, it will log connection attempt both in the Auditing section of Passwordstate, and also to a log file called ‘PSLauncher.log’ located in the Remote Session Launcher utility folder. Additional debug logging can be added to this file if needed, by modifying the file ‘PSLauncher.ps1’
To Install the Passwordstate Remote Session Launcher Utility, please follow these steps:
- Within the Passwordstate web site, navigation to your Preferences screen, and then on the ‘API Keys’ tab, create a Remote Session Launcher API Key, and then click one of the Save buttons
- Now click on the HTML link you see on this screen for installing the Remote Session Launcher Utility – the path to the files is https://<mypasswordstateurl/remotesessionlauncher/passwordstatelauncher.exe
- At the ‘Welcome’ screen, click ‘Next’
- At the ‘Destination Folder’ screen, change the path if needed and click ‘Next’
- At the ‘Remote Executables Path’ screen, change any paths if required, enter the URL of your Passwordstate web site, and click Next
- The click the ‘Next’ button, and finally the ‘Finish’ button
- Restart your Browser if it is currently open
Browsers and Launching External Applications
The Passwordstate Remote Session Launcher feature uses ‘Custom Protocol’ browser support in order to launch external applications.
Before you can start to use this feature, your browser needs to be configured to accept these custom protocols, and this can be done in Passwordstate by going to the page Preferences -> Remote Session Credentials, and then clicking on the ‘Configure Browser Support’ button. By clicking on this button, you will be shown a window like the screenshot below.
From here, your browser will present you with an additional popup window when you click on the appropriate protocol type – as per the following screenshots. Click the option to remember this setting, and then close all windows.
Hosts & Remote Session Credentials
Now the Remote Session Launcher utility is installed, you need to add the required number of Hosts to Passwordstate, and apply permissions to them for the users who wish to launch remote sessions to – please refer to the Passwordstate User Manual for instructions on this.
There are several different ways in which you can authenticate your Remote Session to Hosts, and they are:
By Creating One or More Remote Session Credential Queries
Remote Session Credentials can be located in Passwordstate under the Preferences menu. Within this screen, you can create on or more ‘queries’ which allows the use of different credentials for different types of hosts.
As per the screenshot below, you build up the query based on different criteria, and then link the query to a saved Password record in Passwordstate. It is the UserName and Password of this Password record which is passed as the credentials to the Remote Session client.
Once you have created one or more Remote Session Credential queries, all you need to do is click on one of the Hosts on the Passwords Home page, or the dedicated Remote Session Launcher page (found under the main Tools menu), and the appropriate remote session will launch – as per the screenshot below.
- Note: When launching a Remote Session connection, if there are no matching saved Credentials you will be prompted to manually type the UserName and Password. If there are more than one matching saved Credentials, you will be prompted to select which Credential to use.
Remote Session Launcher with These Credentials
Under each ‘Actions’ menu item for individual password records, there is a menu item called ‘Remote Session Launcher with These Credentials’, as per the screenshot below. When you select this menu item, it will allow you to search which Host you wish to connect to, and then authenticate with the selected password credentials.
Manual Credentials for Remote Session Launch
Another option is to select the ‘Manual Credentials for Remote Session Launch’ Actions menu item for one of the Hosts, as per the screenshot below. This will present you with a dialog which allows you to manually type the Username and Password to connect to the Host.