Connection Mode

Connections via Fudo One are established in bastion mode.

In bastion mode, the target host is specified within the string identifying the user and the server that are trying to connect to, e.g. ssh -l johndoe#root#example.server.org. This enables facilitating access to a group of monitored servers through the same IP address and port number combination.

While connecting, the Fudo One expects:

<username>[@domain][#<serverlogin>#<address>[:<port>]], where:

<username>: User’s login on Fudo One,
[@domain] is optional,
<serverlogin>: user’s login on the target server,

<address>: server address on the target server (the <port> can be omitted if native for protocol).

🚧

'#' character in between is required.

Target object string is matched in the following sequence:

Exact username - Fudo One tries to match the string with object defined in the local database.
Exact server address - Fudo One tries to match the string with an IP address of a server object defined in the local database.
IP address returned by the DNS service - Fudo PAM queries the DNS service and tries to match the returned IP address with an IP address of a server object defined in the local database.
Hostname returned by the reverse DNS service - Fudo PAM queries the reverse DNS service and tries to match the returned hostname with a sever object defined in the local database.

📘

If an account object doesn’t have a login defined, the Fudo One system will ask for a login while connecting to the target server.