Loading...
Loading...
Home Screen
Keeper Connection Manager user guide - home screen
Overview
The Keeper Connection Manager home screen provides quick access to any connection that you have been granted access to.
If you have access to multiple connections, you will be taken to the dashboard where all available connections are listed. If you only have access to a single connection, you will be routed directly to that connection.
My Connections
The home screen contains a list of all connections to which you have access, along with thumbnails of any recently used or active connections. Thumbnail images update dynamically while a machine is being accessed. If you have access to a large number of connections and wish to quickly locate a specific connection, you can also enter search terms within the “Filter” field to filter the list of connections by name.
Clicking on any connection will open that connection within the current window or tab, but multiple connections can be used simultaneously.
Each connection you use will remain active until explicitly disconnected, or until you navigate away from Keeper Connection Manager entirely. Active connections can be seen as thumbnails updating in real-time on the home screen.
User Menu
With the exception of the client connection screen, all Keeper Connection Manager screens contain a menu in the upper-right corner called the “user menu”. This menu displays your username and contains several options which depend on your level of access.
Home
Navigates back to the home screen, if you are not already there. If you only have access to one connection, this will be replaced with a link to that connection.
Settings
Navigates to the settings interface, which provides the core Administrative functions (if you have rights to access this area) and and user preferences such as display language.
Logout
Logs out of Keeper Connection Manager completely, closing all current connections and ending the Keeper Connection Manager session.
Creating Connections
Managing and creating connections to your infrastructure
About Connections
Connections specify the protocol and customizable parameters that define the authentication and customized behavior. Connections can be created from the Settings menu. Only users with "Create new connections" permission can create connections.
Administrators can define which connections are available for users and groups.
Use Cases
Connections can be created and utilized in several ways. Connections can be privileged (credentials hidden from the user) and the connections can support user-specified credentials. Additionally, the connections can pull credentials from one or more Keeper Vaults via the Keeper Secrets Manager integration.
Privileged Connections
When setting up a privileged connection, the authentication credentials to the target can be saved in the connection parameters, or in the designated Keeper Vault. When the credentials are stored directly to the connection or in the Keeper Vault, they are never exposed to the end-user. This allows you to create privileged sessions in which the user does not have access to the underlying credentials.
User-Specified Credentials
When setting up the connection, you can skip the authentication details parameters and Keeper Connection Manager will prompt the end-user for their authentication credentials on every login.
For example, with an RDP connection, simply remove the credentials from the connection parameters and the user will be prompted to authenticate.
Vault Credentials
Create a New Connection
The New Connection form is separated into multiple sections each with multiple inputs. Connections have many different options and capabilities, depending on the protocol.
To begin, click Settings > Connections > New Connection which will open the new connection form.
Connection Details
Connection Name
The name of the connection, this is how it will appear in the connections list.
Location
The location of the new connection in the connections list. You can select "ROOT" to put the new connection at the top level of the connections list, or select a collection to place the new connection under an existing collection.
Protocol
Select the type of connection to create. The current available connection types are:
RDP
SSH
Kubernetes
Telnet
VNC
MySQL
PostgreSQL
Microsoft SQL Server
Concurrency Limits
Max # of Connections
The maximum allowed number of concurrent sessions for this connections. If the maximum number is sessions are already in use, other users will not be able to connect to this connection.
Max # of Connections per User
The maximum allowed number of concurrent sessions for this connection for each user. If the maximum number is sessions are already in use by a user, the user will not be able to open a new session for this connection.
Load Balancing
Keeper Connection Manager can use load balancing among connections in a group to give multiple concurrent users the best experience.
Connection Weight
Enter a number to use as a multiplier of connection assignment. For example, if one connection in a group has a weight of 1, and another has a weight of 2, the second connection will be assigned twice as many concurrent users as the first.
Use for Failover Only
If checked, this connection will only be used if all other connections in the group fail
Guacamole Proxy Parameters
Hostname and Port
Hostname and port of the proxy
Encryption
Choose if the connection traffic should be encrypted. You can choose unencrypted or TLS/SSL encryption.
RDP Protocol Parameters
Details to facilitate the new RDP connection. Set network and authentication details.
Network
Hostname and Port
Enter the hostname and port of the RDP connection
Authentication
Enter the following connection fields for you RDP connection:
Username
Password
Domain
Security Mode
Select the security mode to use, the supported modes are:
Any
NLA (Network Level Authentication)
RDP Encryption
TLS Encryption
Hyper-V / VMConnect
Disable Authentication
Choose to turn off authentication for this RDP connection
Ignore Server Certificate
Choose to ignore the server certificate. In most cases, this is required to establish a connection.
Remote Desktop Gateway
Fill in the following details about the remote desktop gateway:
Hostname and Port
Username
Password
Domain
Basic Settings
Initial Program
Start a program on connection. Enter the location of the program to run
Client Name
Set a name for the computer this connection is connecting to
Keyboard Layout
Choose the type of keyboard to use with this RDP connection
Time Zone
Use the dropdown menus to select the timezone to use with this connection
Enable Multi-touch
Choose to allow multi-touch input for this RDP connection
Administrator Console
Choose to allow access to the Administrator Console for users connecting to this RDP connection
Appearance
Choose settings that affect how the new connection will look.
Width, Height and Resolution
Choose the dimensions and resolution of the screen in pixels (pixels per inch for resolution).
Color Depth
Choose the color depth of the screen over the RDP connection.
Force Lossless Compression
Use lossless compression. Check this option for better visual quality, but it may impact performance.
Resize Method
Choose what the connection should do if the window is resized. Keeper Connection Manager supports "Display Update" Visual channel for RDP 8.1 or higher. For older versions of RDP, use the reconnect method.
Read-Only
If checked, the connection will not allow for any interaction from the user. The user will be able to view what is happening on the connected device, but make no interactions with it.
Clipboard
Disable Copying from Remote Desktop
If selected, users will not be able to copy from the connection
Disable Pasting from Client
If selected, users will not be able to paste values into the connection
Device Redirection
Choose options for connected devices
Support Audio in Console
Choose if audio is supported within the console
Disable Audio
Choose if audio from the connection should be disabled
Enable Audio Input (microphone)
Choose if the user's microphone can be used within the connection
Enable Printing
Choose if users can print from the connection
Redirected Printer Name
If allowing printing, choose the name of the printer to use
Enable Drive
If you would like to transfer files to this target with Drag and Drop, select this option. Along with this, make sure to fill out a "Drive Name", "Drive Path", and select "Automatically Create Drive".
Drive Name
If file transfer is enabled, the name of the drive to use. For example "My Drive".
Disable File Download
Choose if files can be downloaded to the connected drive
Drive Path
The path of the drive to use if enabled. A typical default Drive Path would be something like /var/lib/guacamole/drives/${GUAC_USERNAME}
Automatically Create Drive
If selected, Keeper Connection Manager will automatically create a drive to use with the connection
Static Channel Names
A comma-separated list of static channel names to open and expose as pipes. If you wish to communicate between an application running on the remote desktop and JavaScript, this is the best way to do it. KCM will open an outbound pipe with the name of the static channel. If JavaScript needs to communicate back in the other direction, it should respond by opening another pipe with the same name. KCM allows any number of static channels to be opened, but protocol restrictions of RDP limit the size of each channel name to 7 characters.
Performance
These options can be used to optimize the performance of the Windows Remote Desktop Connection.
Choose to enable or disable the following optional Windows features:
Enable Wallpaper
Enable Theming
Enable Font Smoothing (ClearType)
Enable Full-window Drag
Enable Desktop Composition (Aero)
Enable Menu Animations
Disable Bitmap Caching
Disable Off-screen Caching
Disable Glyph Caching
RemoteApp
Recent versions of Windows provide a feature called RemoteApp which allows individual applications to be used over RDP, without providing access to the full desktop environment. If your RDP server has this feature enabled and configured, you can configure KCM connections to use those individual applications.
Program
Specifies the RemoteApp to start on the remote desktop. If supported by your remote desktop server, this application, and only this application, will be visible to the user.
Windows requires a special notation for the names of remote applications. The names of remote applications must be prefixed with two vertical bars. For example, if you have created a remote application on your server for notepad.exe and have assigned it the name “notepad”, you would set this parameter to: “||notepad”.
Working Directory
The working directory, if any, for the remote application. This parameter has no effect if RemoteApp is not in use.
Parameters
The command-line arguments, if any, for the remote application. This parameter has no effect if RemoteApp is not in use.
Load Balancing
Keeper Connection Manager can use load balancing among connections in a group to give multiple concurrent users the best experience.
Connection Weight
Enter a number to use as a multiplier of connection assignment. For example, if one connection in a group has a weight of 1, and another has a weight of 2, the second connection will be assigned twice as many concurrent users as the first.
Use for Failover Only
If checked, this connection will only be used if all other connections in the group fail
Screen Recording
Options for recording of the screen. See the Session Recording section for more information.
Recording Path
Enter the path to save the session recording. We recommend using the below value:
${HISTORY_PATH}/${HISTORY_UUID}
Recording Name
Enter the name of the recording file
Exclude Graphics/Streams
Choose to exclude graphics or streams from the recording
Exclude Mouse
Choose to exclude the mouse from the screen recording
Exclude Touch Events
Choose to exclude and touch events the user made from the recording
Include Key Events
If selected, include key events that would not otherwise be visible in the recording
Automatically Create Recording Path
If selected, Keeper Connection Manager will automatically create a path for the recording file
SFTP
Options for file transfers to the connection using SFTP. For more information see the File Transfer section.
Enable SFTP
Choose to enable SFTP file transfers
If enabled, enter the following information to connect to and authenticate connection to your SFTP server:
Hostname Port
Public Host Key (Base64)
Username and Password
Private Key
Passphrase for the private key if applicable
File Browsing Root Directory
The root directory of the SFTP server to display within this connection
Default Upload Directory
If users upload a file from the connection, the directory that the file will go to by default
SFTP Keepalive Interval
Enter the keepalive interval as a number
Disable File Download
If SFTP is enabled, check this option to exclude users from downloading files from the server to this connection
Disable File Upload
If SFTP is enabled, check this option to exclude users from uploading files to the server from this connection
Wake-on-LAN (WoL)
Options to facilitate waking the connected device upon connection if supported.
Send WoL Packet
Enable Wake-on-Lan and send a signal from Keeper Connection Manager
Mac Address of the Remote Host
Identify the device to send the signal to by Mac Address
Broadcast Address for WoL Packet
Where to send the WoL signal
Host Boot Wait Time
How long to wait for the device to wake
SSH Protocol Parameters
Details to facilitate the new SSH connection. Set network and authentication details.
Network
Hostname and Port
Enter the hostname and port for the SSH connection
Public Host Key (Base64)
Enter the Public Key for this SSH connection in Base64 format
Authentication
Username and Password
The username and password (if required) for this SSH connection.
Private Key
The private key used for connecting to this SSH connection
Passphrase
The passphrase (if any) for the private key
Appearance
Choose settings that affect how the new connection will look.
Theme
Select a color theme for the terminal.
There are built in themes, and a custom theme option.
Font Name
Enter the name of a font for the terminal to use
Font Size
Select the pixel size of the font
Maximum Scroll back Size
Select how far back a user can scroll through past commands. Leave blank for unlimited.
Read-Only
If checked, the connection will not allow for any interaction from the user. The user will be able to view what is happening on the connected device, but make no interactions with it.
Clipboard
Disable Copying from Remote Desktop
If selected, users will not be able to copy from the connection
Disable Pasting from Client
If selected, users will not be able to paste values into the connection
Session/Environment
Settings for basic environment setup
Execute Command
Enter a command to execute on connection start
Language/Local($LANG)
Set the language/local for the connection, this sets the $LANG environment variable
Time Zone($TZ)
Set the time zone for the connection. This sets the $TZ environment variable
Server Keepalive Interval
Set an interval for a keepalive signal
Terminal Behavior
The Terminal Behavior section contains options about the terminal for applicable connections.
Backspace Key Sends
Choose what action is sent when you click the backspace key. The options are:
Delete
Backspace
Terminal Type
Choose the type of terminal to use. The options are:
ansi
linux
vt100
vt220
vterm
vterm-256color
Screen Recording
Options for recording of the screen. See the Session Recording section for more information.
Recording Path
Enter the path to save the session recording. We recommend setting this to ${HISTORY_PATH}/${HISTORY_UUID}
Recording Name
Enter the name of the recording file
Exclude Graphics/Streams
Choose to exclude graphics or streams from the recording
Exclude Mouse
Choose to exclude the mouse from the screen recording
Include Key Events
If selected, include key events that would not otherwise be visible in the recording
Automatically Create Recording Path
If selected, Keeper Connection Manager will automatically create a path for the recording file
SFTP
Options for file transfers to the connection using SFTP. For more information see the File Transfer section.
Enable SFTP
Choose to enable SFTP file transfers
File Browsing Root Directory
The root directory of the SFTP server to display within this connection
Disable File Download
If SFTP is enabled, check this option to exclude users from downloading files from the server to this connection
Disable File Upload
If SFTP is enabled, check this option to exclude users from uploading files to the server from this connection
Wake-on-LAN (WoL)
Options to facilitate waking the connected device upon connection if supported.
Send WoL Packet
Enable Wake-on-Lan and send a signal from Keeper Connection Manager
Mac Address of the Remote Host
Identify the device to send the signal to by Mac Address
Broadcast Address for WoL Packet
Where to send the WoL signal
Host Boot Wait Time
How long to wait for the device to wake
VNC Protocol Parameters
Details to facilitate the new VNC connection. Set network and authentication details.
Network
Hostname and Port
Hostname and port information for the VNC connection
Encryption
Choose encryption method for connection traffic. The options are:
No Encryption
TLS/SSL Encryption
Authentication
Username and Password
Login credentials for the VNC connection. If you would like to prompt users for the password, leave this field empty.
Appearance
Choose settings that affect how the new connection will look.
Read-Only
If checked, the connection will not allow for any interaction from the user. The user will be able to view what is happening on the connected device, but make no interactions with it.
Swap Red-Blue Channels
Choose if the red and blue channels should be swapped for this connection.
Cursor
Choose to use the cursor of the local machine, or of the remote machine.
Color Depth
Choose the color depth of the screen over the VNC connection.
Force Lossless Compression
Use lossless compression. Check this option for better visual quality, but it may impact performance.
Clipboard
Encoding
Choose which encoding to use when copying and pasting. The options are:
CP1252
ISO 8859-1
UTF-16
UTF-8
Disable Copying from Remote Desktop
If selected, users will not be able to copy from the connection
Disable Pasting from Client
If selected, users will not be able to paste values into the connection
VNC Repeater
There exist VNC repeaters, such as UltraVNC Repeater, which act as intermediaries or proxies, providing a single logical VNC connection which is then routed to another VNC server elsewhere. Additional parameters are required to select which VNC host behind the repeater will receive the connection.
Destination Host and Port
Set the host and port to use
Screen Recording
Options for recording of the screen. See the Session Recording section for more information.
Recording Path
Enter the path to save the session recording. We recommend setting this to ${HISTORY_PATH}/${HISTORY_UUID}
Recording Name
Enter the name of the recording file
Exclude Graphics/Streams
Choose to exclude graphics or streams from the recording
Exclude Mouse
Choose to exclude the mouse from the screen recording
Include Key Events
If selected, include key events that would not otherwise be visible in the recording
Automatically Create Recording Path
If selected, Keeper Connection Manager will automatically create a path for the recording file
SFTP
Options for file transfers to the connection using SFTP. For more information see the File Transfer section.
Enable SFTP
Choose to enable SFTP file transfers
If enabled, enter the following information to connect to and authenticate connection to your SFTP server:
Hostname Port
Public Host Key (Base64)
Username and Password
Private Key
Passphrase for the private key if applicable
File Browsing Root Directory
The root directory of the SFTP server to display within this connection
Default Upload Directory
If users upload a file from the connection, the directory that the file will go to by default
SFTP Keepalive Interval
Enter the keepalive interval as a number
Disable File Download
If SFTP is enabled, check this option to exclude users from downloading files from the server to this connection
Disable File Upload
If SFTP is enabled, check this option to exclude users from uploading files to the server from this connection
Audio
Enable Audio
Choose to enable audio for the connection
Audio Server Name
Name of the audio server to use
Wake-on-LAN (WoL)
Options to facilitate waking the connected device upon connection if supported.
Send WoL Packet
Enable Wake-on-Lan and send a signal from Keeper Connection Manager
Mac Address of the Remote Host
Identify the device to send the signal to by Mac Address
Broadcast Address for WoL Packet
Where to send the WoL signal
Host Boot Wait Time
How long to wait for the device to wake
Telnet Protocol Parameters
Details to facilitate the new Telnet connection. Set network and authentication details.
Network
Hostname and Port
Hostname and port information for the Telnet connection.
Authentication
Username and Password
Authentication credentials for the Telnet connection. To prompt users for the password, leave this field empty.
Username Regular Expression
The regular expression to use when waiting for the username prompt. This parameter is optional. If not specified, a reasonable default built into KCM will be used. The regular expression must be written in the POSIX ERE dialect (the dialect typically used by egrep).
Password Regular Expression
The regular expression to use when waiting for the password prompt. This parameter is optional. If not specified, a reasonable default built into KCM will be used. The regular expression must be written in the POSIX ERE dialect (the dialect typically used by egrep).
Login Success Regular Expression
The regular expression to use when detecting that the login attempt has succeeded. This parameter is optional. If specified, the terminal display will not be shown to the user until text matching this regular expression has been received from the telnet server. The regular expression must be written in the POSIX ERE dialect (the dialect typically used by egrep).
Login Failure Regular Expression
The regular expression to use when detecting that the login attempt has failed. This parameter is optional. If specified, the connection will be closed with an explicit login failure error if text matching this regular expression has been received from the telnet server. The regular expression must be written in the POSIX ERE dialect (the dialect typically used by egrep).
Appearance
Choose settings that affect how the new connection will look.
Theme
Select a color theme for the terminal.
There are built in themes, and a custom theme option.
Font Name
Enter the name of a font for the terminal to use
Font Size
Select the pixel size of the font
Maximum Scroll back Size
Select how far back a user can scroll through past commands. Leave blank for unlimited.
Read-Only
If checked, the connection will not allow for any interaction from the user. The user will be able to view what is happening on the connected device, but make no interactions with it.
Clipboard
Disable Copying from Remote Desktop
If selected, users will not be able to copy from the connection
Disable Pasting from Client
If selected, users will not be able to paste values into the connection
Terminal Behavior
The Terminal Behavior section contains options about the terminal for applicable connections.
Backspace Key Sends
Choose what action is sent when you click the backspace key. The options are:
Delete
Backspace
Terminal Type
Choose the type of terminal to use. The options are:
ansi
linux
vt100
vt220
vterm
vterm-256color
Typescript (Text Session Recording)
Options for text recording. See the Session Recording section for more details about session recording.
Typescript Path
Enter a file path location to save text session recordings to.
Typescript Name
Enter a name for the text session recording file
Automatically Create Typescript Path
Have Keeper Connection Manager automatically create the path location for the text session recording
Screen Recording
Options for recording of the screen. See the Session Recording section for more information.
Recording Path
Enter the path to save the session recording. We recommend setting this to ${HISTORY_PATH}/${HISTORY_UUID}
Recording Name
Enter the name of the recording file
Exclude Graphics/Streams
Choose to exclude graphics or streams from the recording
Exclude Mouse
Choose to exclude the mouse from the screen recording
Include Key Events
If selected, include key events that would not otherwise be visible in the recording
Automatically Create Recording Path
If selected, Keeper Connection Manager will automatically create a path for the recording file
Wake-on-LAN (WoL)
Options to facilitate waking the connected device upon connection if supported.
Send WoL Packet
Enable Wake-on-Lan and send a signal from Keeper Connection Manager
Mac Address of the Remote Host
Identify the device to send the signal to by Mac Address
Broadcast Address for WoL Packet
Where to send the WoL signal
Host Boot Wait Time
How long to wait for the device to wake
Kubernetes Protocol Parameters
Details to facilitate the new connection. Set network and authentication details.
Network
Hostname and Port
The hostname and port of the Kubernetes connection
Use SSL/TLS
Choose to use SSL/TLS encryption
Ignore Server Certificate
Choose to ignore the server certificate
Certificate Authority Certificate
Paste the Certificate Authority Certificate into this text box
Container
Fill in the following information about the Kubernetes container:
Namespace
Pod Name
Container Name
Authentication
Client Certificate
The certificate to use if performing SSL/TLS client authentication to authenticate with the Kubernetes server, in PEM format. This parameter is optional. If omitted, SSL client authentication will not be performed.
Client Key
The key to use if performing SSL/TLS client authentication to authenticate with the Kubernetes server, in PEM format. This parameter is optional. If omitted, SSL client authentication will not be performed.
Appearance
Choose settings that affect how the new connection will look.
Theme
Select a color theme for the terminal.
There are built in themes, and a custom theme option.
Font Name
Enter the name of a font for the terminal to use
Font Size
Select the pixel size of the font
Maximum Scroll back Size
Select how far back a user can scroll through past commands. Leave blank for unlimited.
Read-Only
If checked, the connection will not allow for any interaction from the user. The user will be able to view what is happening on the connected device, but make no interactions with it.
Terminal Behavior
The Terminal Behavior section contains options about the terminal for applicable connections.
Backspace Key Sends
Choose what action is sent when you click the backspace key. The options are:
Delete
Backspace
Typescript (Text Session Recording)
Options for text recording. See the Session Recording section for more details about session recording.
Recording Path
Enter a file path location to save text session recordings to. We recommend setting this to ${HISTORY_PATH}/${HISTORY_UUID}
Recording Name
Enter a name for the session recording file.
Exclude Graphics/Streams
Choose to exclude graphics and streams that may appear on the terminal from the recording.
Include Key Events
Choose to include keys that are clicked in the session recording. Events like ctrl+c will be recorded.
Automatically Create Recording Path
Have Keeper Connection Manager automatically create the path location for the session recording
MySQL Protocol Parameters
Details to facilitate the new MySQL connection. Set network and authentication details.
Network
Hostname and Port
Enter the hostname and port for the MySQL connection
Unix Socket
Enter the socket name if a host is not present
Authentication
Username and Password
The username and password for this MySQL connection. To prompt users for the password, leave this field empty.
Database
Default Database
Specify the default database schema when establishing a connection.
Disable CSV Export
Disable the ability for users to export data through "select .. into local infile"
Disable CSV Import
Disable the ability for users to import data through "load data local infile..."
Appearance
Choose settings that affect how the new connection will look.
Theme
Select a color theme for the terminal.
There are built in themes, and a custom theme option.
Font Name
Enter the name of a font for the terminal to use.
Font Size
Select the pixel size of the font.
Maximum Scroll back Size
Select how far back a user can scroll through past commands. Leave blank for unlimited.
Read-Only
If checked, the connection will not allow for any interaction from the user. The user will be able to view what is happening on the connected device, but make no interactions with it.
Clipboard
Disable Copying from Remote Desktop
If selected, users will not be able to copy from the connection
Disable Pasting from Client
If selected, users will not be able to paste values into the connection
Session/Environment
Settings for basic environment setup
Language/Local($LANG)
Set the language/local for the connection, this sets the $LANG environment variable
Time Zone($TZ)
Set the time zone for the connection. This sets the $TZ environment variable
Server Keepalive Interval
Set an interval for a keepalive signal
Screen Recording
Options for recording of the screen. See the Session Recording section for more information.
Recording Path
Enter the path to save the session recording. We recommend setting this to ${HISTORY_PATH}/${HISTORY_UUID}
Recording Name
Enter the name of the recording file.
Exclude Graphics/Streams
Choose to exclude graphics or streams from the recording.
Exclude Mouse
Choose to exclude the mouse from the screen recording.
Include Key Events
If selected, include key events that would not otherwise be visible in the recording.
Automatically Create Recording Path
If selected, Keeper Connection Manager will automatically create a path for the recording file.
SFTP
Options for file transfers to the connection using SFTP. For more information see the File Transfer section.
Enable SFTP
Choose to enable SFTP file transfers.
File Browsing Root Directory
The root directory of the SFTP server to display within this connection.
Disable File Download
If SFTP is enabled, check this option to exclude users from downloading files from the server to this connection.
Disable File Upload
If SFTP is enabled, check this option to exclude users from uploading files to the server from this connection.
Wake-on-LAN (WoL)
Options to facilitate waking the connected device upon connection if supported.
Send WoL Packet
Enable Wake-on-Lan and send a signal from Keeper Connection Manager.
Mac Address of the Remote Host
Identify the device to send the signal to by Mac Address.
Broadcast Address for WoL Packet
Where to send the WoL signal.
Host Boot Wait Time
How long to wait for the device to wake.
Creating a Custom Theme
Terminal based protocols (Kubernetes, SSH, MySQL and Telnet) allow for custom color themes. To use a custom theme first select "custom" from the Theme dropdown, this will open the custom theme builder.
To use the custom theme builder, click each color to select a new color to use in its place. The foreground and background colors are labeled, other colors represent the standard terminal colors.
For example: to replace all red highlighted text in the terminal with orange text, click the red color and choose orange in the color picker.
Usage History
If you are editing an existing connection, the usage history of the connection is shown in this section
The usage history table displays the username, date, duration of connection and remote IP address of users connecting to this connection.
Establishing Connection through Firewalls
If you would like to establish a connection to a target server with restricted Ingres connections, check out the documentation on Creating Connections via reverse SSH tunnel.
Loading...
File Transfer Config
Transferring files between local and remote connection
Keeper Connection Manager support file transfers in both directions, with unique features available for the different connection types.
RDP
Files can be transferred between the local system and the remote connection through simple drag-and-drop.
SSH
Files can be transferred to the remote system through drag-and-drop. File transfer from remote system to local browser accomplished through helper script.
VNC
Files can be transferred via sftp to the remote system through drag-and-drop. The sftp endpoint is configured in the Connection Edit screen.
MySQL
The new MySQL connection type supports transfer of CSV data into and out of the remote database through the browser interface using special "select" and "load" commands that have been built as extensions to the MySQL syntax.
RDP / Windows
The connection parameters used for File Transfer on Windows connections is displayed below. RDP connection types support two different methods of file transfer. The "Enable Drive" method uses the RDP protocol and maps file transfers to a mapped drive on the remote system.
Depending on the installation method, the "Drive Path" can be configured a few different ways.
On Docker Installation methods, there is a default volume mount to /var/lib/guacamole/
The Drive Path must include a base path of /var/lib/guacamole/drives which has the necessary permissions to write files. If the same Drive Path is specified on multiple connections, the files will be shared among those connections. If the Drive Path contains a token after /drives/ such as ${GUAC_USERNAME}, each user will see their own shared drive.
For example:
In this example, the following parameters are set:
Enable Drive: Check this to activate the file transfer capability
Drive Path: Set this path according to the environment. The folder must be writable by the guacd user.
Automatically Create Drive: If the permissions allow, the subfolders will be created on demand.
The mapped drive will show up on the remote system as seen below:
Windows connections can optionally use SFTP for file transfer. This can be activated in the SFTP section of the connection.
To transfer a file from the local system to the remote connection, simply drag-and-drop the file into the window. A progress indicator will show up on the lower right.
After the file transfer is complete, it will appear in the Drive folder.
To transfer a file from the remote system to the local computer, simply drag and drop a file on the remote system into the mapped Drive and then drag into the "Download" folder of the mapped drive. The file will instantly download to the local system.
SSH / Linux
SSH Connection types provide SFTP file transfer, which conveniently allows you to drag and drop a file into the SSH connection screen. Files are transferred to the designated folder as specified in the SSH connection settings.
Simply drag and drop a file into the SSH connection to transfer a file to the remote system. By default, the files will transfer to the home folder unless a different root directory path is specified.
To transfer files from the SSH remote connection to the local filesystem, you can download a tool called guacctl into the remote system and use it for performing outbound transfers.
Instructions for using guacctl are below:
MySQL
Importing
Importing Data is accomplished through the web browser interface by using the standard "LOAD DATA LOCAL INFILE" SQL command. Keeper Connection Manager intercepts the response data and redirects it through the native file download facility of the web browser.
For example:
This SQL query will trigger a browser file upload and then import the provided data.
Details about the syntax can be found at the MySQL website.
Exporting
Exporting CSV data from SQL query using a new SELECT... INTO LOCAL OUTFILE command.
For example:
File Transfer Upload Limit
The file upload limit is controlled through the client_max_body_size setting in the NGINX configuration file.
On Docker installations of Keeper Connection Manager, the default value of this setting is "0" which allows for an unlimited upload file size.
On Advanced Linux Installation method, the default file transfer limit might be set to 1MB and most likely, you will want to raise this limit. If you followed the typical installation instructions with NGINX, you should modify the configuration file, e.g. /etc/nginx/conf.d/guacamole.conf
Ensure the following parameter (client_max_body_size) is set with the preferred maximum file size limit. For example the below is set for 200MB size limit:
client_max_body_size 200m;
After updating this value, make sure to restart NGINX
systemctl restart nginx
Custom Network Drive
If you have an environment where you would like the file location path associated with an existing network drive, follow the steps below:
Mount your network drive to the Keeper Connection Manager host filesystem
Volume mount the network drive path in the Docker Compose for the guacd container
Ensure that the guacd user can write the files in the docker container
The most important thing to keep in mind when doing this is that it's the "guacd" service that needs to be able to write files in the drive path. The guacd service operates as a reduced-privilege "guacd" user within the "guacd" container, and so you will need to set file permissions accordingly. This can be done either by modifying the files on the filesystem to have appropriate ownerships using the numerical UID/GID used by the container, or by using the GUACD_UID and GUACD_GID environment variables to configure the container to use the UID/GID already used by the files on the guacd container filesystem.
Loading...
Session Recording and Playback
Configure and view connection session recordings
Overview
Keeper Connection Manager supports automatic screen recording of each connection session. Recordings can be graphical video recordings of the connection, or (for certain connection protocols) typescript recordings which record only the text sent to the the client machine.
Read below about how to setup, configure, and view each session recording type.
Graphical Session Recording
Sessions of all supported protocols can be recorded graphically. These recordings take the form of Guacamole protocol dumps and are recorded automatically to a specified directory.
In-Browser Session Recording and Playback
The simplest way to record user connection sessions and view them in the browser.
To configure connections for in-browser recording playback, enter the following special values in the "Screen Recording" section of the connection settings.
Recording Path
${HISTORY_PATH}/${HISTORY_UUID}
[x] Automatically Create Typescript Path
Typescript Path
${HISTORY_PATH}/${HISTORY_UUID}
[x] Automatically Create Recording Path
These values tell the system to store recordings in a location and format that the in-browser viewer can consume. A screenshot example is below:
Custom Session Recording Location and Local Playback
If desired, graphical session recordings can be named with custom values, or saved to any desired location. This will require recording playback using the Glyptodon Session Recording Player.
Configuring Graphical Session Recording
Recording Path
The directory in which screen recording files should be created.
This parameter is required for graphical session recording to function.
Recording Name
The filename to use for any created recordings. This parameter is optional. If omitted, the value “recording” will be used instead.
This parameter only has an effect if graphical recording is enabled. If the "Recording Path" is not specified, graphical session recording will be disabled, and this parameter will be ignored.
For example:
RDP Recording ${GUAC_USERNAME} - ${GUAC_DATE} : ${GUAC_TIME}
Will create recording files with the user's username, the session date and time in the name.
Guacamole will never overwrite an existing recording. If necessary, a numeric suffix like “.1”, “.2”, “.3”, etc. will be appended to to avoid overwriting an existing recording. If even appending a numeric suffix does not help, the session will simply not be recorded.
Session Recording Playback
Keeper Connection Manager session recordings can be viewed from within the user interface in the History tab of the settings screen. To view a recording, click the play icon on the far right. Any session of a connection that was setup with the settings above will have the icon. When the icon is clicked, the recorded session will load in the browser, and you can start playback by clicking anywhere on the screen.
Exclude Graphics/Streams
If checked, graphical output and other data normally streamed from server to client will be excluded from the recording, producing a recording which contains only user input events.
This parameter is optional. If omitted, graphical output will be included in the recording.
Exclude Mouse
If checked, user mouse events will be excluded from the recording, producing a recording which lacks a visible mouse cursor.
This parameter is optional. If omitted, mouse events will be included in the recording.
Include Key Events
If checked, user key events will be included in the recording.
This parameter is optional. If omitted, key events will be not included in the recording.
Automatically Create Recording Path
If checked the directory specified by "Recording Path" will automatically be created if it does not yet exist. Only the final directory in the path will be created - if other directories earlier in the path do not exist, automatic creation will fail, and an error will be logged.
This parameter is optional. By default, the directory specified by the recording path parameter will not automatically be created, and attempts to create recordings within a non-existent directory will be logged as errors.
Replaying Custom Location Graphical Session Recordings
To view session recordings, click "Browse..." and select the recording in your file system. The recording will play in the browser.
The Keeper Connection Manager graphical session recording player does not send recordings over the internet. Recording files are translated to video locally on the browser.
Text session recording (typescripts)
The full, raw text content of terminal sessions, including timing information, can be recorded automatically to a specified directory. This recording, also known as a “typescript”, will be written to two files within the directory specified by the entered Typescript Path: NAME, which contains the raw text data, and NAME.timing, which contains timing information, where NAME is the value provided for Typescript Name.
This format is compatible with the format used by the standard UNIX script command, and can be replayed using compatible tools.
Configuring Graphical Session Recording
Typescript Path
The directory in which typescript files should be created.
This parameter is required. Specifying this parameter enables typescript recording. If this parameter is omitted, no typescript will be recorded.
Typescript Name
The base filename to use when determining the names for the data and timing files of the typescript.
This parameter is optional. If omitted, the value “typescript” will be used instead.
Each typescript consists of two files which are created within the directory specified by the Typescript Name: NAME, which contains the raw text data, and NAME.timing, which contains timing information, where NAME is the value provided for the Typescript Name parameter.
For example:
SSH Typescript ${GUAC_USERNAME} - ${GUAC_DATE} : ${GUAC_TIME}
Will create recording files with the user's username, the session date and time in the name.
Guacamole will never overwrite an existing recording. If necessary, a numeric suffix like “.1”, “.2”, “.3”, etc. will be appended to NAME to avoid overwriting an existing recording. If even appending a numeric suffix does not help, the session will simply not be recorded.
Automatically Create Typescript Path
If checked, the directory specified by "Typescript Path" will automatically be created if it does not yet exist. Only the final directory in the path will be created - if other directories earlier in the path do not exist, automatic creation will fail, and an error will be logged.
This parameter is optional. By default, the directory specified by "Typescript Path" will not automatically be created, and attempts to record typescripts in a non-existent directory will be logged as errors.
Replaying Text Session Replays
MacOs
Recordings can be replayed using script. For example, to replay a typescript called “NAME”, you would run:
Linux
Recordings can be replayed using scriptreplay. For example, to replay a typescript called “NAME”, you would run:
Loading...
Loading...
Loading...