Symantec Privileged Access Management

  • Private Community
Back to discussions
Expand all | Collapse all

Need IP address on putty screen name

  • 1.  Need IP address on putty screen name

    Posted Apr 23, 2019 02:18 AM

    Hi Team,

     

    When we open putty/ssh session from CA PAM tool, it will display host name on top of the putty. 

    If there are 10 opened putty sessions, it is difficult to identify which is which server.

     

    So, please let us know is there a way to configure to display IP address of the server instead of host name on top of putty/ssh sessions opened from CA Application.

     

     

    Regards,

    Harshitha D



  • 2.  Re: Need IP address on putty screen name

    Broadcom Employee
    Posted Apr 24, 2019 09:48 AM

    Hello Harshitha, I am a bit confused about your question. You say that the PuTTY windows display the host name instead of the IP, which commonly would be regarded the preferred method since it is easier to recognize hosts by name rather than IP. I suspect your problem is that you don't have the target device name in the PuTTY sessions launched from PAM, but the local IP to which PAM makes the PuTTY client connect. If that is your problem, you should update the Client Application string in the TCP/UDP service you have defined in PAM. I use the following string:

     

    "C:\Program Files (x86)\PuTTY\putty.exe" -ssh <user>@<Local IP> <First Port> -loghost <Device Name>

     

    The "-loghost <Device Name>" argument results in the target device name being shown in the PuTTY Windows title:

     



  • 3.  RE: Re: Need IP address on putty screen name

    Posted Nov 13, 2019 02:43 PM
    Is there a possibility to automatically log in with Putty? without requesting user and password as it does with Java

    Regards
    Original Message


  • 4.  RE: Re: Need IP address on putty screen name

    Broadcom Employee
    Posted Nov 13, 2019 02:56 PM
    Hi Jorge, I don't understand how you link PuTTY with Java, but the above PuTTY service using <user>@<Local IP> will provide auto-login if you associate a target account with this service in the user/device policy.
    Original Message


  • 5.  RE: Re: Need IP address on putty screen name

    Posted Nov 13, 2019 04:30 PM

    Hi Ralf

     

    Thank you for your help, I have configured for auto login with an ssh key but when I configure the service to be via putty I ask user and pass .. I attached a video for more details

     

    https://1drv.ms/v/s!AnWBQKirQ2eZ13M9vK8EGnVceAwV?e=gvnOeH

     

    Regards

     

     

    signature_1876590764

    Jorge López Riquelme

    Gerencia Depto. Pruebas y Tecnologías PTD

    Av. Vitacura 2736, piso 3, Las Condes.

    +56 2 242 32142 / +56 9 84304287

     

     




    Original Message


  • 6.  RE: Re: Need IP address on putty screen name

    Broadcom Employee
    Posted Nov 13, 2019 04:42 PM
    Edited by Ralf Prigl Nov 13, 2019 04:42 PM
    Hi Jorge, Your video does not answer my question. It only shows that target accounts were configured for auto-login for the SSH applet. It doesn't show whether you configured the PuTTY service with a target account for auto-login. I think the answer must be NO because when we see the password prompt, we can see that the user name is "<user>". This would have been translated by PAM into the name of the target account, if one had been configured.
    Original Message


  • 7.  RE: Re: Need IP address on putty screen name

    Posted Nov 13, 2019 05:01 PM

    Thanks Ralf

    modify the Putty configuration by setting the user oracle, now it shows the user but keep requesting the pass again

     

    "C:\Program Files (x86)\PuTTY\putty.exe" -ssh oracle@<Local IP> <First Port> -loghost <Device Name>

     

     

    regards

     

    signature_1995592391

    Jorge López Riquelme

    Gerencia Depto. Pruebas y Tecnologías PTD

    Av. Vitacura 2736, piso 3, Las Condes.

    +56 2 242 32142 / +56 9 84304287

     

     




    Original Message


  • 8.  RE: Re: Need IP address on putty screen name

    Broadcom Employee
    Posted Nov 13, 2019 05:17 PM
    Jorge, That is totally wrong. You are modifying the Client Application string, which is part of the TCP/UDP service definition. I am asking you about your policy configuration. That's where you have to add the target account. In the application string you have to keep using the <user> token, otherwise the service will always try to login with the same account name, no matter which host you connect to.

    Original Message


  • 9.  RE: Re: Need IP address on putty screen name

    Posted Nov 14, 2019 10:20 AM

    Hi Frank

     

    I have made the changes but I am doing something wrong, this is my configuration

     

    TCP/UDP Service

     

    "C:\Program Files\PuTTY.exe" -ssh <user>@<Local IP> <First Port>

     

     

     

    Policy

     

     

     

     

    SSH PUTTY

     

     

     

    signature_1029677303

    Jorge López Riquelme

    Gerencia Depto. Pruebas y Tecnologías PTD

    Av. Vitacura 2736, piso 3, Las Condes.

    +56 2 242 32142 / +56 9 84304287

     

     




    Original Message


  • 10.  RE: Re: Need IP address on putty screen name

    Broadcom Employee
    Posted Nov 14, 2019 10:47 AM
    Hi Jorge, You have to get rid of you local Client Application string where you entered user "oracle" and overwrote whatever string you have defined in the TCP/UDP service. Launch the service, go to the popup showing the local IP and your custom Client Application string, remove your own string from there (make sure the field is completely empty), save and then launch the service again.
    Original Message


  • 11.  RE: Re: Need IP address on putty screen name

    Posted Nov 14, 2019 11:25 AM

    Hi Ralf

     

    I have made all the configurations without obtaining results, it is possible that you can connect to my PC to see what is wrong, or send a small step-by-step instruction, we really need to use it

     

    I have these error messages every time we use this service

     

     

    Help me please its` stucked

     

     

     

     

    Regards

     

    signature_197158786

    Jorge López Riquelme

    Gerencia Depto. Pruebas y Tecnologías PTD

    Av. Vitacura 2736, piso 3, Las Condes.

    +56 2 242 32142 / +56 9 84304287

     

     




    Original Message


  • 12.  RE: Re: Need IP address on putty screen name
    Best Answer

    Broadcom Employee
    Posted Nov 14, 2019 11:34 AM
    Hi Jorge, You get this message if you start a second client instance, and the first one is listening on this local IP and port already. Make sure you have only one CAPAMClient.exe process running. If you need further assistance, please open a support case. However, all the information needed to get this going was provided already, and you should be able to get this going. TCP services using SSH clients like PuTTY and auto-login are very widely used with PAM, and they work!
    Original Message


  • 13.  RE: Re: Need IP address on putty screen name

    Posted Nov 14, 2019 11:54 AM

    Thansk is working now

     

    Regards

     

    signature_900886126

    Jorge López Riquelme

    Gerencia Depto. Pruebas y Tecnologías PTD

    Av. Vitacura 2736, piso 3, Las Condes.

    +56 2 242 32142 / +56 9 84304287

     

     




    Original Message


  • 14.  RE: Re: Need IP address on putty screen name

    Posted Nov 14, 2019 12:21 PM

    Hi Ralf

     

    One question, for mobaxterm is the same procedure?

     

    Thanks for you help

     

    Regards

     

    signature_1806284374

    Jorge López Riquelme

    Gerencia Depto. Pruebas y Tecnologías PTD

    Av. Vitacura 2736, piso 3, Las Condes.

    +56 2 242 32142 / +56 9 84304287

     

     

    De: Lopez Riquelme Jorge Marcelo <JLOPEZR@entel.cl>
    Fecha: jueves, 14 de noviembre de 2019, 13:54
    Para: "BROADCOM-layer7privilegedaccessmanagement@ConnectedCommunity.org" <BROADCOM-layer7privilegedaccessmanagement@ConnectedCommunity.org>
    Asunto: Re: Layer 7 Privileged Access Management : Re: Need IP address on putty screen name

     

    Thansk is working now

     

    Regards

     

    signature_900886126

    Jorge López Riquelme

    Gerencia Depto. Pruebas y Tecnologías PTD

    Av. Vitacura 2736, piso 3, Las Condes.

    +56 2 242 32142 / +56 9 84304287

     

     




    Original Message


  • 15.  RE: Re: Need IP address on putty screen name

    Broadcom Employee
    Posted Nov 14, 2019 12:45 PM
    Hi Jorge, Yes, it works with MobaXTerm too, you can read https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=139694 for additional details on that client specifically.
    Original Message


  • 16.  RE: Re: Need IP address on putty screen name

    Posted Nov 15, 2019 09:47 AM

    Mr Ralf

     

    Thanks you

     

    Best regards

     

    signature_264337663

    Jorge López Riquelme

    Gerencia Depto. Pruebas y Tecnologías PTD

    Av. Vitacura 2736, piso 3, Las Condes.

    +56 2 242 32142 / +56 9 84304287

     

     




    Original Message