To use all features of TRASA, you need to setup these settings.
1. Root account setup
Once TRASA server is up and running, you can open web browser to access TRASA dashboard (listening at TRASA_HOST in browser which is an IP address or domain name.)
By default, a
root user account will be created for you with default password
changeme. As an administrator, you will need to set up this root account before you can access TRASA.
Follow account setup steps detailed at account setup guide
TRASA has secure encrypted storage to which is used to store service credentials like password, private keys and integration keys. Follow steps at initializing TsxVault to enable secret storage.
3. Setup FCM with TRASA FCM proxy (Optional, Recommended)
TRASA push U2F is very convenient way of authorizing 2FA process. With push U2F, users do not need to enter 6 digits TOTP code every time they need to verify second step verification process and is also immune to phishing attacks on TOTP codes.
This feature requires sending push notification to user's mobile device. To enable it, register with TRASA FCM Proxy
4. Email setup (Optional, Recommended)
To receive emails and security alerts from TRASA you will need to integrate TRASA with your existing email provider. Follow Email setup guide to setup email.
5. Configuring Network Firewall (Optional, Recommended)
TRASA access proxy can only control access if traffic passes through it. To ensure security policy is enforced on access proxy, you should configure a network firewall so that every remote access to your server and services is only routed and allowed from the IP address of the TRASA server.
TRASA also supports native two-factor authentication integration (with installable agents that protect windows server, Linux server, and hardware appliance). If you are using TRASA just for native two-factor authentication, you can skip configuring your network because agents will communicate with TRASA server for authorization.
Create a security group for TRASA
In EC2 management console,
Go to Security groups.
Click the "Create security group" button.
Fill in the name and description.
In inbound rules section, click the "Add rule" button.
Choose the "SSH" type and "Custom" source.
Add TRASA IP on the "source IP" field.
Now use this security group to allow SSH in all instances you want to protect with TRASA.