Symantec Privileged Access Management

 View Only
  • 1.  ZENOSS discovery servers with ssh we must use CA PAM

    Posted May 20, 2019 11:35 AM

    Actually we are implementing ZENOSS monitoring tool, but to make the connection to the servers we must use CA PAM through SSH.
    What we have done is generate: the keys, keys policy, a user in the CA PAM and user of Linux Operating System, with this we achieve the authentication without the password through the client of CA PAM Linux 64.
    But what we need is to establish the connection from ZENOSS via SSH instead of the CA PAM client. How can we do it? Is there any other SW to do it?



  • 2.  Re: ZENOSS discovery servers with ssh we must use CA PAM

    Broadcom Employee
    Posted May 21, 2019 06:12 AM

    Hello Armando,

     

    I understand you already followed this procedure in the CA PAM documentation to setup SSH Key Authentication for Accessing UNIX/LINUX Targets

     

    In order to use the private key in e.g. Putty, please retrieve it from the Target Account in CA PAM and convert it to a ppk file using PuttyGen.

    (How to do this is e.g. described here)

     

    You can then setup a "Saved Session” in Putty using the ppk (eg as described in the section Log in to PuTTY by using your SSH private key).

     

    Finally setup a TCP service in CA PAM for putty to do the autologin using this command line

     

    PuTTY.exe -load "my Saved Session” -pw <password> <Local IP> <First Port>

    (you can omit the -pw if your key does not require a password)

     

    Best Regards,

    Andreas



  • 3.  Re: ZENOSS discovery servers with ssh we must use CA PAM

    Posted May 21, 2019 02:09 PM

    Hello Andreas Mueller,

    I do not need to connect with putty, rather I need to connect from the Zenoss tool.

    Let me explain, look at the image

     

    Description Zenoss Connection

    The connection has already been made with the CA PAM Windows and Linux client. But I need it to be from the Zenoss server and from the Zenoss application. (red line in diagram).

     

    Next Image

    SExample conection by CA PAM Client

     

    The connection is established succesfully

    How can we do it? Is there any other SW to do it?

    Regards y Thanks