Session Control Commands
Session Control Commands allow administrators to define commands that are automatically executed during SSH Proxy and Web SSH sessions as part of the session lifecycle. These commands can be configured to run before or after user access is granted, enabling automated session preparation and post-session actions.
A Control Command can optionally include an associated password. When configured, the system executes the defined command, waits for a password prompt if applicable, automatically provides the configured password, and then continues the session flow according to the configuration.
This functionality is supported for both SSH Proxy and Web SSH sessions.
Overview
Control Commands provide a mechanism to automate session-level actions without requiring manual user input. These commands execute within the SSH session context and are fully transparent to auditing and session recording mechanisms.
Typical use cases include:
- Entering privileged or administrative modes on network appliances (similar to Enable Mode on Cisco devices)
- Executing environment preparation commands before user interaction
- Running initialization scripts required for controlled environments
- Triggering logging or context-setting commands at session start
- Executing cleanup or state-reset commands after session completion
Control Commands help standardize session behavior and reduce reliance on manual operational steps.
Supported Session Types
Control Commands are supported for:
- SSH Proxy sessions
- Web SSH sessions
Behavior is consistent across both access methods.
Configuring Control Commands
Control Commands are configured as part of the SSH session settings for the relevant asset or connection profile.
To configure Session Control Commands:
- Navigate to the asset's Asset Type page (e.g. Unix Host) at Management > Asset Types.
- Edit the Asset Type and select Add Field.
- Create a new field with Name: Command Before and Type: String. Click Save.
- Create a new field with Name: Command Before Password, Type: String and Secured: Enabled. Click Save.
- Navigate to the Asset that needs to support Session Control Commands and click Edit.
- Enter the appropriate command in the Command Before field and, if required, the password in the Command Before Password field.
- Save the asset change and use the Access button to test the functionality.
User Experience
When a Control Command is configured to run before user access:
- The session establishes normally.
- The Control Command is executed automatically.
- If applicable, the password is entered automatically.
- After completion, control is released to the user.
From the user’s perspective, the session opens in the resulting state produced by the Control Command (for example, in a specific directory or already in privileged mode).
Example: Session Control Command Before in a Web SSH session.
Example: Session Control Command Before in an SSH Proxy session (native PuTTY client).
When configured to run after authentication or at session completion:
- The command executes automatically at the defined stage.
- The user does not need to manually perform the configured action.
All activity generated by Control Commands is included in session recording and auditing logs, ensuring full visibility and traceability.
Command Password Handling
When a Command Before Password is included:
- The system executes the configured command.
- In the next prompt, the system automatically sends the configured password.
- Control is then transferred to the user (for pre-session commands) or the session continues according to the defined lifecycle stage.
If no Command Before Password is configured, the command is executed without automated password input.
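The sequence above, modelled as an added example (not the product's code): the command is sent, the password is supplied only if the output ends in a password prompt, and control is then handed off. The `FakeDevice` channel, the prompt pattern, the sample password and the choice to withhold the secret when no prompt appears are assumptions of this example, not documented product behaviour.

```python
import re

# Assumption: what counts as a password request (this example's own pattern).
PASSWORD_PROMPT = re.compile(r"(?i)pass(word|phrase)[^\n]*:\s*$")


class FakeDevice:
    """Constructed stand-in for the target's SSH channel (Cisco-like 'enable')."""

    def __init__(self, asks_password=True):
        self.asks_password = asks_password
        self.privileged = False
        self.awaiting = False

    def send(self, line):
        """Accept one input line and return the text the device prints next."""
        if self.awaiting:
            self.awaiting = False
            self.privileged = line == "s3cret-constructed"
            return "router#" if self.privileged else "% Access denied\nrouter>"
        if line == "enable":
            if self.asks_password:
                self.awaiting = True
                return "Password: "
            self.privileged = True
            return "router#"
        return f"% Unknown command: {line}\nrouter>"


def run_command_before(channel, command, password=None):
    """Run the pre-access command and answer a password prompt if one follows.

    Returns (events, final_output). Events list what was sent, with the
    secret masked (this example's choice for its own event list).
    """
    events = [("send", command)]
    output = channel.send(command)
    if password is not None:
        if PASSWORD_PROMPT.search(output):
            events.append(("send", "********"))
            output = channel.send(password)
        else:
            # No password prompt: withhold the secret so it is never typed
            # at a shell prompt, where it would be echoed and recorded.
            events.append(("skip-password", "no prompt seen"))
    events.append(("handoff", output.splitlines()[-1]))
    return events, output
```

When testing a configured asset with the Access button, the same three outcomes are worth checking in the session recording: prompt answered, no prompt shown, and no password configured.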
Session Event Reporting
Control Command execution is captured as part of the session event report. This ensures:
- Full audit trail of automated actions
- Visibility into privileged mode transitions
- Consistency with compliance and monitoring policies
Regardless of session type (SSH Proxy or Web SSH), Control Commands are recorded and available for review through standard session reporting mechanisms.


