Skip to content

SSH Proxy Command Line Shell Interface

The 12Port platform includes a Command Line Interface (CLI Shell) accessible via the SSH Proxy service. This interface allows you to browse container hierarchies and initiate SSH connections to asset endpoints, all from your terminal, without using a web browser.

Use Cases

The CLI Shell is designed for users who prefer working directly in a terminal or need fast, scriptable access to asset connections. Key advantages include:

  • Navigating the credentials vault and asset structure without a browser
  • Connecting to multiple assets in sequence, using a single authenticated proxy session

Prerequisites

Before connecting, ensure the following:

  • You have a valid 12Port user account with permission to login to the tenant or site.
  • At least Viewer permission to the container or asset for navigation or list.
  • Native Session access is enabled (Allow or Record) in your Access Profile if using the connect command to start a SSH session.
  • MFA (Multi-Factor Authentication) is provided, if required.

Connecting to the CLI Shell

Use the following command format to connect to the CLI Shell:

ssh username@host -p sshProxyPort

Where:

  • username: Your 12Port username with proper permissions.
  • host: The 12Port SSH proxy server hostname (e.g., localhost, 12port.contoso.com).
  • sshProxyPort: The port on which the SSH proxy is running (e.g., 2200).

Example

ssh bwilliams@12port.contoso.com -p 2203

This command logs user bwilliams into the CLI Shell via the proxy server 12port.contoso.com on port 2203.

Using the CLI Shell

After a successful login, you’ll see a prompt in the following format:

tenant(site) />

This prompt indicates your current tenant and site context. You can navigate and manage assets using built-in CLI commands. The shell supports command history (using ↑/↓ up-down arrow keys) and inline editing (←/→ left-right arrow keys) for convenience.

The 12Port CLI Shell supports the following commands:

  • help or ?: Displays available commands and descriptions.
  • alias: Lists command aliases.
  • exit: Exits the shell session.
  • change container <container-name> or cd <container-name>: Switches to a different folder.
  • change site <site-name>: Switches to a different site within the tenant.
  • list assets or ll: Lists assets in the current container, including type, ID, and name.
  • list sites: Lists sub-sites of the current site.
  • connect <asset-name> or connect <asset-id>: Initiates an SSH connection to the specified asset by Name or ID. If using Name, the asset Name must be unique.

Example CLI Session Flow

1. Connect to the CLI Shell:

> ssh bwilliams@12port.contoso.com -p 2203


2. Once connected (tenant Production and site root), navigate to the container secure-dbs:

Production(root) /> cd secure-dbs


3. List assets in container secure-dbs. Asset are listed in the format:
Asset Type: assetName (assetID)

Production(root) /secure-dbs> ll
Unix Host: database-dev (bd6e071c-d864-4af6-8102-29d81c8b22bd)
Unix Host: database-prod (c6be3131-78d9-43c4-8886-54f05b58264d)


4. Connect to the uniquely named asset database-prod from the container secure-dbs:

Production(root) /secure-dbs> connect database-prod


5. After the SSH session is completed, exit the CLI Shell:

Production(root) /secure-dbs> exit
Connection to 12port.contoso.com closed.
>


Session Reporting in 12Port

All CLI Shell sessions are logged and included in the 12Port Session Reports. Each session entry captures:

  • Timestamp of the connection
  • Username of the session initiator
  • Type of session

SSH CLI Shell sessions are marked with SSHP:Shell in the Channel field. 

SSHP:Shell

This allows administrators to audit and review terminal-based access activities within the environment.