Tech Tip - CA Privileged Access Manager: Customize PuTTY's Window Title

By wonsa03 posted Sep 22, 2017 02:23 AM

  

CA Privileged Access Manager Tech Tip by Kelly Wong, Principal Support Engineer for 22nd September 2017

Background

Customer's use case:

The UNIX user's default login shell is the Bourne shell (sh), and single sign-on is not configured for SSH access in CA PAM (no predefined credentials are associated with the SSH access in the policy).

 

Issue

A PuTTY service is created in CA PAM (Services >> TCP/UDP Services) with 'C:\Program\PuTTY.exe -ssh <Local IP> <First Port>' defined as the Client Application:

  • Bourne shell (sh) -- The PuTTY Window Title displays only the local loopback address

  • Bourne-Again shell (bash) -- The PuTTY Window Title displays the local loopback address before user login and changes to <user>@<servername> after the user logs in successfully


 

Resolution

PuTTY's Window Title can be customized with the following steps:

  1. PAM - Services >> TCP/UDP Services:
    Create a PuTTY service with 'C:\PuTTY\putty.exe -load <Device Name>' defined as the Client Application

  2. PAM - Devices >> Manage Devices:
    Create a new device or update the existing device and associate the PuTTY service with it

  3. PAM - Policy >> Manage Policies:
    Create a policy that links the PAM user(s) with the device and associate the PuTTY service with it

  4. PuTTY:
    Create a Saved Session in PuTTY whose name matches the Device Name in PAM. Specify your preferred Window Title at PuTTY Configuration >> Window >> Behaviour, and enter the local IP and port (matching the PuTTY service in CA PAM)

    [Note: If the Device Name contains space(s), add double quotes around the Device Name in PAM]


Now when CA PAM calls the PuTTY service, it loads the saved session from PuTTY with its customized Window Title.

[Note: If the target UNIX server's IP/FQDN is used in PuTTY, session recording will not work.]
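
Step 4 can be scripted when the saved session has to exist on several client workstations. The PowerShell below is an added example, not part of the original tech tip and not CA PAM or PuTTY project code; it writes the session to PuTTY's per-user registry store, rejects a host that is not a loopback address (per the session-recording note above), and can optionally lock the title against changes from the remote shell. The function names and the sample device name, IP, port and title are hypothetical, and it assumes the PAM service's Local IP is a loopback address.

```powershell
# Added example: pre-create the PuTTY saved session that PAM opens with -load (names/values hypothetical).

function ConvertTo-PuttySessionKey {
    param([Parameter(Mandatory)][string]$Name)
    # PuTTY percent-escapes these characters in saved-session registry key
    # names, so a Device Name with a space is stored with %20. Assumes ASCII.
    $sb = [System.Text.StringBuilder]::new()
    $first = $true
    foreach ($c in $Name.ToCharArray()) {
        $n = [int]$c
        if ($n -le 0x20 -or $n -gt 0x7E -or '\*?%'.IndexOf($c) -ge 0 -or
            ($first -and $c -eq '.')) {
            [void]$sb.AppendFormat('%{0:X2}', $n)
        } else {
            [void]$sb.Append($c)
        }
        $first = $false
    }
    $sb.ToString()
}

function New-PamPuttySession {
    param(
        [Parameter(Mandatory)][string]$DeviceName,   # must match the Device Name in PAM
        [Parameter(Mandatory)][string]$LocalIP,      # Local IP of the PAM PuTTY service
        [Parameter(Mandatory)][ValidateRange(1, 65535)][int]$Port,  # its First Port
        [Parameter(Mandatory)][string]$WindowTitle,
        [switch]$LockTitle   # keep the title even if the remote shell tries to set it
    )
    # Pointing the session at the target server would bypass session recording,
    # so accept only a loopback address here.
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($LocalIP, [ref]$ip) -or
        -not [System.Net.IPAddress]::IsLoopback($ip)) {
        throw "'$LocalIP' is not a loopback address; use the PAM service's Local IP."
    }
    $path = 'Software\SimonTatham\PuTTY\Sessions\' + (ConvertTo-PuttySessionKey $DeviceName)
    $key = [Microsoft.Win32.Registry]::CurrentUser.CreateSubKey($path)
    try {
        $key.SetValue('HostName', $LocalIP, 'String')
        $key.SetValue('PortNumber', $Port, 'DWord')
        $key.SetValue('Protocol', 'ssh', 'String')
        $key.SetValue('WinTitle', $WindowTitle, 'String')
        $key.SetValue('NoRemoteWinTitle', [int][bool]$LockTitle, 'DWord')
    } finally { $key.Close() }
}

# Constructed sample call (placeholder values):
# New-PamPuttySession -DeviceName 'unix server 01' -LocalIP '127.0.0.2' -Port 22 -WindowTitle 'PAM: unix server 01' -LockTitle
```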
