Symantec Privileged Access Management

 View Only
  • 1.  How to configure a SSH Key Authentication

    Posted Mar 23, 2020 06:44 PM
    Good morning Community:

    Could someone support me by providing an example of how to set up a privileged account using SSH Key Auth.

    I am trying to configure but I am not successful, I only have a file that is used with Putty ".ppk" and in putty I can connect.

    Greetings.


    ------------------------------
    Consultant
    Root Technologies
    Mexico City
    ------------------------------


  • 2.  RE: How to configure a SSH Key Authentication
    Best Answer

    Broadcom Employee
    Posted Mar 23, 2020 11:04 PM
    Edited by Christopher Hackett Mar 30, 2020 05:36 PM

    Juan

    All you need is the PPK, The passphrase to the PPK and puttygen.exe to generate the Public Key and export the private key in an openssh format. You could copy the public key from the ~/.ssh/authorized_keys file but this file can contain multiple public keys making it harder to validate which one is correct.

    Start by loading the existing PPK file into puttygen.exe. You will be prompted for the passphrase. Once completed you can see the public key that was generated from that privake key.

    Next create test file called Public.key and paste the contents you see in the key section created with the generate.

    Then go to the Conversions menu and export openSSH key to a file called Private.key

     

    Now when select SSH-2 Public Key Authentication in the PAM credential manager you can load the Public.key, Private.key and the same passphrase and start using this credential.

     

    Joe




  • 3.  RE: How to configure a SSH Key Authentication

    Posted Mar 24, 2020 03:18 PM
    Good dayJoe:

    Thank you for your support. I will test with your comments.

    On the other hand, is there a way for PAM to send the keys to the Putty using TCP/UDP Service?

    For example:
    C:\PuTTY.exe -ssh -l <Username> <Local IP> <First Port> -i "Keys"

    Regards.

    ------------------------------
    Consultant
    Root Technologies
    Mexico City
    ------------------------------



  • 4.  RE: How to configure a SSH Key Authentication

    Broadcom Employee
    Posted Mar 24, 2020 05:04 PM
    Juan 

    That is close. You just need to replace Keys with Password  PuTTY.exe -ssh <Local IP> <First Port> -l <Userrname> -i "<Password>"

    Joe


  • 5.  RE: How to configure a SSH Key Authentication

    Broadcom Employee
    Posted Mar 24, 2020 06:25 PM
    Juan

    Correction ... You only need to use  PuTTY.exe -ssh <Local IP> <First Port> -l <Userrname>  .. The background processing in CA PAM will identify this as a a key based authentication and enter the key and its passphrase in the background. So you can use the same UDP/TCP service for both key and password authentications .

    Joe



  • 6.  RE: How to configure a SSH Key Authentication

    Posted Mar 24, 2020 08:29 PM
    Good dayJoe:

    Thanks for your support, I did the steps you mentioned and they were successful.

    I have SSH Key Auth integrated.

    Configuration works .. !!

    Greetings.

    ------------------------------
    Consultant
    Root Technologies
    Mexico City
    ------------------------------