Quick Start Guide¶
This guide walks you through the initial setup of the SPSA appliance and creating your first connection.
Prerequisites¶
Before starting, ensure you have:
- [ ] SPSA appliance deployed (see Installation Guide)
- [ ] Network connectivity to target systems
- [ ] Initial credentials provided by Skillplan:
- Console account:
spadmin - Portal account:
spadmin
- Console account:
- [ ] TOTP authenticator app (Google Authenticator, Microsoft Authenticator)
Step 1: Console Setup¶
After deploying the SPSA appliance, the first setup steps are performed via the VM console. This is required because all network access except the SPSA Portal (HTTPS/443) is blocked by the integrated host firewall.
First Console Login¶
- Open the VM console in your hypervisor (ESXi or Hyper-V)
- Log in with the console credentials:
| Parameter | Value |
|---|---|
| Account | spadmin |
| Password | (provided separately by Skillplan) |
Different Credentials
The console password and the portal password are different. Make sure to use the correct credentials for each.
Configure Keyboard Layout¶
The default keyboard layout is US English (QWERTY). To change to your local layout:
sudo kbmap
A menu appears with available keyboard layouts:
| Option | Layout |
|---|---|
| 1 | Swiss-German (de-ch) |
| 2 | Swiss-French (fr-ch) |
| 3 | Austrian (de-at) |
| 4 | German (de-de) |
| q | Quit |
Select your preferred layout using the cursor keys and press Enter.
Wait for Completion
The keyboard layout change can take up to 10 seconds to complete.
Reset Console Password¶
You must change the default spadmin console password:
passwd
Follow the prompts to enter and confirm your new password.
Password Requirements
Use a password with at least 12 characters including:
- Uppercase letters
- Lowercase letters
- Numbers
Avoid Z and Y as they may be swapped on QWERTY/QWERTZ keyboards. There is no other way to recover access to the appliance!
Verify IP Address¶
Display the current IP addresses of the appliance:
getip
Example output:
Interface: eth0 IP Address: 192.168.1.73
Interface: eth1 IP Address: 192.168.2.150
Note the IP address you'll use to access the SPSA Portal.
Log Out of Console¶
exit
The remaining configuration is done through the SPSA Portal web interface.
Step 2: First Portal Login¶
Connect to SPSA Portal¶
- Open a web browser (Google Chrome or Microsoft Edge recommended)
- Navigate to:
https://<spsa-ip>/ - Accept the self-signed certificate warning:
- Chrome: Click Advanced → Proceed to [IP] (unsafe)
- Edge: Click Advanced → Continue to [IP] (unsafe)
Administrator Login¶
Log in with the portal administrator credentials:
| Parameter | Value |
|---|---|
| Account | spadmin |
| Password | (provided separately - not the same as console!) |
Configure MFA (TOTP)¶
On first login, you'll be prompted to set up Two-Factor Authentication:
- Open your authenticator app (Google Authenticator, Microsoft Authenticator)
- Scan the QR code displayed on screen
- The app creates an entry for "SPSA" with the
spadminaccount - Enter the 6-digit code shown in your app
- Click Continue
Save Your MFA Setup
Make sure the authenticator entry is saved. You will need the TOTP code for every login.
Portal Home Screen¶
After successful login, you'll see the SPSA Portal home screen with:
- Recent Connections - Your active sessions
- All Connections - Available connections
Step 3: Access Settings¶
Click your username (top right) to open the user menu:
| Menu Item | Function |
|---|---|
| Home | Return to home screen |
| Settings | Administration settings |
| Logout | Log out of portal |
Click Settings to access administration.
Administration Tabs¶
| Tab | Function |
|---|---|
| Active Sessions | Currently active sessions |
| History | Session history |
| Users | User management |
| Groups | User groups |
| Connections | Connection management |
| Settings | System settings |
Step 4: Create Your First Connection¶
Add an RDP Connection¶
- Go to Settings > Connections
- Click New Connection
- Configure basic settings:
| Field | Value | Description |
|---|---|---|
| Name | rdp-srv-001 |
Display name for the connection |
| Location | ROOT |
Parent group (use ROOT for top level) |
| Protocol | RDP |
Connection protocol |
- Configure network parameters:
| Field | Value |
|---|---|
| Hostname | Target IP or FQDN (e.g., 172.16.8.25) |
| Port | 3389 (default, can be left empty) |
- Configure authentication:
| Field | Recommendation |
|---|---|
| Username | Leave empty (user enters at connect time) |
| Password | Leave empty (for security) |
| Security mode | NLA (Network Level Authentication) |
| Ignore server certificate | Enable for self-signed certificates |
- Set connection limits (recommended):
| Field | Value |
|---|---|
| Maximum number of connections | 10 |
- Click Save
Add an SSH Connection¶
- Go to Connections
- Click New Connection
- Configure:
| Field | Value |
|---|---|
| Name | linux-srv-001 |
| Protocol | SSH |
| Hostname | Target IP or FQDN |
| Port | 22 (default) |
- Configure clipboard settings if needed:
| Setting | Effect |
|---|---|
| Disable copying from terminal | Prevents copying text from remote session |
| Disable pasting from client | Prevents pasting into remote session |
- Click Save
Step 5: Create a User¶
Add New User¶
- Go to Settings > Users
- Click New User
- Configure account:
| Field | Description |
|---|---|
| Username | Username for SPSA Portal login |
| Password | Initial password (user should change) |
| Confirm Password | Confirm password |
- Configure profile (optional):
| Field | Description |
|---|---|
| Full Name | Display name |
| Email Address | Email address |
| Organization | Organization name |
| Role | Role/title |
- Configure account restrictions (optional):
| Setting | Description |
|---|---|
| Login disabled | Disable the account |
| Allow access after time | Allow access only after this time |
| Deny access after time | Block access after this time |
| Disable account after date | Auto-disable after date |
- Set permissions:
For standard users, only enable: - Change own password
- Click Save
Assign Connection Access¶
- Edit the user
- Scroll to Connections section
- Under All Connections, check the connections the user should access
- Click Save
User Sees Only Assigned Connections
Users only see the connections they have been explicitly granted access to.
Step 6: Test the Connection¶
User Login¶
- Open a new browser window (or incognito/private mode)
- Navigate to:
https://<spsa-ip>/ - Log in with the user credentials created above
- Complete MFA setup on first login
Connect to Target¶
- Click on a connection from the home screen
- Enter credentials for the target system when prompted
- The remote session opens in the browser
Troubleshooting Quick Tips¶
Connectivity Testing¶
From the SPSA console, test connectivity to target systems:
Test SSH connectivity:
sshping <hostname-or-ip>
Test RDP connectivity:
rdpping <hostname-or-ip>
Example:
sshping 192.168.20.5
Successfully connected to SSH at 192.168.20.5:22
Connection Required
If these tests fail, SPSA cannot connect to the target. Check:
- Network routing between SPSA and target
- Firewall policies
- Target system service is running
Common Issues¶
| Issue | Solution |
|---|---|
| Cannot access portal | Check firewall allows HTTPS (443) to SPSA |
| Connection times out | Use sshping or rdpping to verify connectivity |
| Authentication failed | Verify target system credentials |
| Certificate warning | Configure trusted SSL certificate |
| Keyboard layout wrong | Run sudo kbmap on console |
For detailed troubleshooting, see the Troubleshooting Guide.
Next Steps¶
Your basic SPSA deployment is complete. Continue with:
- Connection Types - Detailed connection configuration
- User Management - User and group management
- SSL/TLS Setup - Configure trusted certificates
- Authentication Setup - AD/LDAP/SAML (Pro)
- Security Guide - Harden your deployment