Secure access to SSH apps within the browser
Citrix Secure Private Access is integrated with Chrome Enterprise Premium to enable secure SSH sessions directly within the browser. This integration enhances security and streamlines access for administrators and users.
Organizations require secure remote administration of SSH-based systems. Traditional methods using standalone SSH clients pose risks by exposing endpoints to unmanaged environments and lacking robust Data Loss Prevention (DLP) enforcement, making compliance challenging.
The SSH sessions are now launched within the Chrome browser instead of standalone SSH clients, reducing dependency on local installations and improving compliance.
Note:
This feature is applicable for Chrome Enterprise Premium integrated Secure Private Access setup for hybrid and cloud deployments. For details, see the following topics:
You must have admin rights to configure Secure Private Access and Chrome Enterprise Premium policies.
Connections to FreeBSD servers are not supported.
Benefits of this integration
This integration offers the following key benefits:
- Enhanced security: Eliminates reliance on unmanaged SSH clients, reducing exposure to security risks.
- Simplified access: Provides browser-native access, removing the need for additional software installations.
- Compliance: Enforces corporate DLP policies directly within the browser, helping meet regulatory requirements.
- Operational efficiency: Reduces IT overhead associated with endpoint management and client deployment.
Use cases
This feature supports various use cases such as:
- Healthcare kiosks: Enables secure SSH access for device troubleshooting without installing native clients.
- IT administration: Allows administrators to securely access Linux servers from managed Chrome browsers with enforced DLP policies.
- Contractor access: Provides temporary SSH access for third-party vendors without compromising the organization’s security posture.
System requirements
Ensure that your environment meets the following requirements:
- Latest version of Chrome Enterprise Premium.
- Citrix Secure Private Access is configured for the integration.
- Access policies to allow SSH traffic must be created in the Secure Private Access admin console.
Prerequisites
Ensure that the following prerequisites are met for enabling secure access to SSH applications:
- Citrix Secure Private Access is configured with Google Chrome Enterprise Premium integration. For details, see Integration with Google Chrome Enterprise Premium.
- The end user has installed the latest Google Chrome browser with the Citrix Secure Access browser extension.
- For the deployment specific prerequisites, see the following topics:
- Cloud deployment - Get started with Citrix Secure Private Access
- Hybrid deployment – System requirements and prerequisites
Configure Secure Private Access for SSH access
- Log in to Citrix Cloud and then click Secure Private Access.
- In the admin console, Click Applications > App Configuration, and then click Add an app.
-
Configure the SSH app as a TCP/UDP app within Secure Private Access.
- The app can have an exact IP address or a range, FQDN, or host name of the server.
- SSH is supported over default and non-default ports.
- Assign access to relevant user groups.
For detailed information on creating a TCP/UDP app, see the following topics.
- Cloud deployment - Support for TCP/UDP apps
- Hybrid deployment – Support for TCP/UDP apps
Access the SSH app
The SSH app access button is visible to the end-user in the extension UI irrespective of whether it is configured or not. If not configured, the user cannot access the SSH-based application.
-
Type
CitrixSSHand hit tab in the URL bar, then enter the IP address and hit enter to start an SSH session.
-
Alternatively, you can click the extension icon and click SSH from the menu.
-
Port 22 is filled in by default. You can choose to change the port number as required.
Note:
Enter your user name and password. Only the user name and password-based authentication is supported.
-
You can also save sessions as favorites.
