How to Set Up Salient SSH VPN in AWS and Azure
Estimated Deployment Time: 10 Minutes
The Basics
The Salient SSH VPN server gives you remote access to your cloud networks, much like a traditional VPN. But instead of dealing with the complexity of IPSEC, L2TP, or PPTP, all your traffic routes securely through a standard SSH tunnel.
We've rigorously tested and confirmed compatibility with:
- Ubuntu 20.04
- CentOS Stream 8
- Fedora 34
- macOS Big Sur (and newer)
Why Choose an SSH VPN?
- Direct Private Access: Connect securely to internal systems sitting on private subnets within your AWS VPC or Azure subscription.
- Ironclad Encryption: Protect your data from snooping ISPs and unsecured public Wi-Fi hotspots by tunneling everything through SSH.
- IP Masking: When you connect, your actual IP address is hidden. All external systems will only see the public IP of your Salient SSH VPN server.
Deployment Guide
Let's walk through deploying the server and connecting a client.
- Deploy the Server: Launch the Salient SSH VPN appliance into your Azure subscription or AWS VPC. Make sure you assign it a public IP address. (Note: For this guide, we'll use ec2-54-91-77-201.compute-1.amazonaws.com as our example public DNS).
- Connect to the Server:
    ssh -i ~/.ssh/Salient.pem [email protected]
- Create a VPN Client User: Run the sshvpn command to generate a new user profile. We'll name our client ubuntu:
    sudo sshvpn -a ubuntu
- Disconnect:
    exit
- Retrieve the Installer Script: Use SFTP to download the generated client installation script to your local machine:
    sftp -i ~/.ssh/Salient.pem [email protected]:/home/ec2-user/SSHVPN-ubuntu-Client.sh ./SSHVPN-ubuntu-Client.sh
- Install the Client: Make the script executable and run it on your client machine:
    chmod +x SSHVPN-ubuntu-Client.sh
    sudo ./SSHVPN-ubuntu-Client.sh
- Toggle the VPN:
  - Linux:
    Start: sudo service sshvpn-ubuntu start
    Stop: sudo service sshvpn-ubuntu stop
  - macOS:
    Start: sudo launchctl load /Library/LaunchDaemons/org.salient.sshvpn.plist
    Stop: sudo launchctl unload /Library/LaunchDaemons/org.salient.sshvpn.plist
That's it! Your SSH VPN is fully operational.
Troubleshooting
Can't connect to the VPN?
- Check your AWS/Azure security groups to ensure inbound SSH (port 22) is allowed from your client's IP address.
- Verify you ran the installation script with sudo and actually started the service.
- Ensure the EC2 or Azure instance is powered on and healthy.
- Confirm your local network firewall isn't blocking outbound SSH connections.
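For the security group check in the first troubleshooting item, the following added example (not part of the Salient product or its documentation) reads JSON in the shape produced by `aws ec2 describe-security-groups --output json` and reports whether a given client address is allowed to reach port 22, and whether SSH is open to the whole internet. The group ID and addresses in the sample are constructed placeholders.

```python
import ipaddress
import json

# Constructed sample in the shape returned by
# `aws ec2 describe-security-groups --output json`; not from a real account.
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-EXAMPLE", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
   "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
  {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}
]}]}
""")


def covers_ssh(rule):
    """True if the rule's protocol and port range include TCP port 22."""
    if rule["IpProtocol"] == "-1":      # "-1" means all protocols and ports
        return True
    if rule["IpProtocol"] != "tcp":
        return False
    return rule.get("FromPort", 0) <= 22 <= rule.get("ToPort", 65535)


def ssh_sources(groups):
    """Collect every IPv4 CIDR that an inbound rule allows to reach port 22."""
    return [ipaddress.ip_network(r["CidrIp"], strict=False)
            for g in groups["SecurityGroups"]
            for rule in g.get("IpPermissions", []) if covers_ssh(rule)
            for r in rule.get("IpRanges", [])]


def check_client(groups, client_ip):
    """Return (reachable, open_to_world) for the given client address."""
    nets = ssh_sources(groups)
    addr = ipaddress.ip_address(client_ip)
    reachable = any(addr in n for n in nets)
    open_to_world = any(n.prefixlen == 0 for n in nets)
    return reachable, open_to_world


if __name__ == "__main__":
    for ip in ("203.0.113.25", "198.51.100.7"):
        ok, wide = check_client(SAMPLE, ip)
        print(f"{ip}: ssh allowed={ok}, ssh open to 0.0.0.0/0={wide}")
```

A result of `(False, False)` points at a missing inbound rule for your address; `open_to_world=True` means the connection will work but the SSH port is exposed more widely than the per-client rule the troubleshooting step describes.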
Frequently Asked Questions
Does the SSH VPN support all regions?
Yes, it works flawlessly in all AWS and Azure regions.
Should I use my root account to deploy it?
No, we strongly recommend using a non-root account with appropriate permissions.
Does it encrypt my data in transit?
Yes! All traffic is heavily encrypted using industry-standard SSH cipher suites.
How much does it cost?
You pay the standard cloud compute rates plus the software licensing fee. For example, running a t3.medium on AWS costs about $0.092/hr ($0.042 for EC2 + $0.05 for the software).
How do I install security patches?
You don't need to manually patch the server. The appliance automatically checks for and installs security updates every day.
