Symantec Privileged Access Management

  • 1.  PuTTY Auto Login

    Posted Jun 05, 2020 06:17 AM
    Hi All,

    I am trying to configure auto login from PAM server using the TCP Service configured for Putty.

    Application protocol: Disabled
    (If I select SSH here, we get the error "Couldn't agree a key exchange algorithm (available:curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,dcdh-sha2-nistp256",
    even though SHA-2 is enabled on the RHEL-6 & 7 servers that we are trying to access.)

    Client application: C:\Users\prince.a\Desktop\putty.exe -ssh <user>@<Local IP> <First Port> -loghost <Device Name>

    Am I missing any parameter here?

    I think there are two issues that we are having. The first is that the service does not work when the SSH protocol is selected, and the second is that auto logon does not happen even if we disable the protocol.

    Please assist. 
    Thanks,

    Prince

    ------------------------------
    Prince
    ------------------------------


  • 2.  RE: PuTTY Auto Login

    Broadcom Employee
    Posted Jun 05, 2020 06:41 AM
    Hi Prince
    The problem with the supported kex algorithms is likely because of your PuTTY version. Please download the latest one and try.
    When you say autologin does not work, do you mean it does not inject the credentials? Or it does, but it gives an incorrect username?
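
The key exchange failure discussed in posts 1 and 2, as an added example (not part of any post, and not Broadcom or PuTTY code): it parses the "available:" list from the quoted error and applies the SSH rule that the first algorithm in the client's preference list that the server also offers is chosen. The two client preference lists are constructed assumptions standing in for an older and a newer SSH client.

```python
import re

# Error text quoted in post 1; the algorithm name-list is kept exactly as posted.
POSTED_ERROR = (
    "Couldn't agree a key exchange algorithm (available:"
    "curve25519-sha256@libssh.org,ecdh-sha2-nistp521,"
    "ecdh-sha2-nistp384,dcdh-sha2-nistp256"
)

# Constructed client preference lists (assumptions for illustration only):
# an older client limited to classic Diffie-Hellman, and a newer one that
# also implements the elliptic-curve methods.
OLD_CLIENT_KEX = [
    "diffie-hellman-group-exchange-sha256",
    "diffie-hellman-group-exchange-sha1",
    "diffie-hellman-group14-sha1",
    "diffie-hellman-group1-sha1",
]
NEW_CLIENT_KEX = [
    "curve25519-sha256",
    "curve25519-sha256@libssh.org",
    "ecdh-sha2-nistp256",
    "ecdh-sha2-nistp384",
    "ecdh-sha2-nistp521",
] + OLD_CLIENT_KEX[:1]


def offered_by_server(error_text):
    """Return the name-list that follows 'available:' in the error text."""
    match = re.search(r"available:\s*([^)\s]+)", error_text)
    return match.group(1).split(",") if match else []


def negotiate_kex(client_prefs, server_offer):
    """First entry in the client's list that the server also offers wins.

    Simplified from RFC 4253 section 7.1: the host-key compatibility
    conditions are not modelled.
    """
    offered = set(server_offer)
    return next((name for name in client_prefs if name in offered), None)


if __name__ == "__main__":
    offer = offered_by_server(POSTED_ERROR)
    for label, prefs in (("old", OLD_CLIENT_KEX), ("new", NEW_CLIENT_KEX)):
        chosen = negotiate_kex(prefs, offer)
        print(f"{label} client: {chosen or 'no common algorithm, connection fails'}")
```
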


  • 3.  RE: PuTTY Auto Login
    Best Answer

    Posted Jun 05, 2020 09:00 AM
    Hi Prince

    I had a similar error. I solved it by taking into account the following considerations:

    1. Verify which version of the protocol the server has enabled. In my case, the servers that presented errors had configured the sha1 protocol, which is not supported by PAM from version 3.2 (I think). To solve this, the protocol was updated to the server version sha2 and the latest version of putty (0.73) is used.

    Finally when the service requests the username it should be enough to press the ENTER key and PAM will enter the username and password automatically.




  • 4.  RE: PuTTY Auto Login

    Broadcom Employee
    Posted Jun 05, 2020 09:49 AM
    I've solved this by adding -l dummy into the Client Application string.  That's a lower case L.  This parameter takes care of a prompt that putty issues for the username.  With this included you won't see the issue where the username is entered and then you login without entering the password.  You can use anything for this string.  I just use dummy to emphasize that it doesn't matter what you enter.

    ------------------------------
    Principal Support Engineer
    Broadcom
    ------------------------------



  • 5.  RE: PuTTY Auto Login

    Broadcom Employee
    Posted Jun 05, 2020 10:07 AM
    In addition to other comments here, if you define a TCP/UDP service with Application Protocol: Disabled, there cannot be any auto-login, because you are just using PAM as a router and there is no PAM component participating in the connection that could insert credentials. When you select Application Protocol: SSH, an SSH proxy service on the appliance acts as a middle man and handles the auto-login. The same is true for session recording, which only the SSH proxy would be able to do.