CA Privileged Access Manager Tech Tip by Kelly Wong, Principal Support Engineer for 22nd September 2017
Background
Customer's use case:
The UNIX user's default login shell is Bourne shell (sh), and single sign-on is not configured for SSH access in CA PAM (no predefined credentials are associated with the SSH access in the policy).
Issue
A PuTTY service is created in CA PAM (Services >> TCP/UDP Services) with 'C:\Program\PuTTY.exe -ssh <Local IP> <First Port>' defined as the Client Application. The PuTTY Window Title then depends on the user's login shell:
- Bourne shell (sh) -- The PuTTY Window Title displays only the local loopback address
- Bourne-Again shell (bash) -- The PuTTY Window Title displays the local loopback address before user login and changes to <user>@<servername> after the user logs in successfully
Resolution
The PuTTY Window Title can be customized with the following steps:
- PAM - Services >> TCP/UDP Services:
Create a PuTTY service with 'C:\PuTTY\putty.exe -load <Device Name>' defined as the Client Application
- PAM - Devices >> Manage Devices:
Create a new device or update an existing device and associate the PuTTY service with it
- PAM - Policy >> Manage Policies:
Create a policy that links the PAM user(s) with the device and associate the PuTTY service with it
- PuTTY:
Create a Saved Session in PuTTY with a name matching the Device Name in PAM. Specify your preferred Window Title at PuTTY Configuration >> Window >> Behaviour, and enter the local IP and port (matching the PuTTY service in CA PAM)
[Note: If the Device Name contains space(s), add double quotes around the Device Name in PAM]
Now when CA PAM calls the PuTTY service, it loads the saved session from PuTTY with its customized Window Title.
[Note: If the target UNIX server's IP/FQDN is used in PuTTY, session recording will not work.]
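The PuTTY step above can also be scripted. The following is an added example, not part of the original tech tip or of CA PAM: it writes the saved session to PuTTY's per-user registry store and rejects a host that is not a loopback address. The function names and sample values are hypothetical, and it assumes an ASCII Device Name and that the service's Local IP is a loopback address, as described above.

```powershell
# Added example. PuTTY keeps saved sessions under this per-user registry key.
$SessionsKey = 'Software\SimonTatham\PuTTY\Sessions'

# Escape a session name the way PuTTY does for its registry key names
# (space, \ * ? %, control/non-printable bytes and a leading '.' become %XX).
function ConvertTo-PuttySessionKey([string]$Name) {
    $sb = New-Object System.Text.StringBuilder
    $first = $true
    foreach ($b in [Text.Encoding]::ASCII.GetBytes($Name)) {   # assumption: ASCII names
        $c = [char]$b
        if ($b -le 0x20 -or $b -gt 0x7E -or '\*?%'.IndexOf($c) -ge 0 -or ($first -and $c -eq '.')) {
            [void]$sb.AppendFormat('%{0:X2}', $b)
        } else {
            [void]$sb.Append($c)
        }
        $first = $false
    }
    $sb.ToString()
}

# Hypothetical helper: create the saved session that '-load <Device Name>' opens.
function New-PamPuttySession {
    param(
        [Parameter(Mandatory)][string]$DeviceName,
        [Parameter(Mandatory)][string]$LocalIP,
        [Parameter(Mandatory)][ValidateRange(1, 65535)][int]$Port,
        [Parameter(Mandatory)][string]$WindowTitle
    )
    # Refuse anything but a loopback address: pointing PuTTY at the target
    # server's IP/FQDN is the case the note says breaks session recording.
    $ip = $null
    if (-not [Net.IPAddress]::TryParse($LocalIP, [ref]$ip) -or -not [Net.IPAddress]::IsLoopback($ip)) {
        throw "'$LocalIP' is not a loopback address; use the Local IP of the PAM service."
    }
    $key = [Microsoft.Win32.Registry]::CurrentUser.CreateSubKey(
        "$SessionsKey\$(ConvertTo-PuttySessionKey $DeviceName)")
    try {
        $key.SetValue('HostName',   $ip.ToString(), 'String')
        $key.SetValue('PortNumber', $Port,          'DWord')
        $key.SetValue('Protocol',   'ssh',          'String')
        $key.SetValue('WinTitle',   $WindowTitle,   'String')
    } finally {
        $key.Close()
    }
}

# Constructed sample values; replace with the Device Name, Local IP and First Port from PAM.
New-PamPuttySession -DeviceName 'unix server 01' -LocalIP '127.0.0.2' -Port 22 -WindowTitle 'PAM: unix server 01'
```

Settings not written here keep PuTTY's defaults when the session is loaded.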