How to create PuTTY as a TCP/UDP Service with Automated Logins in PAM?
Article ID: 103707
Updated On:
Products
CA Privileged Access Manager - Cloakware Password Authority (PA)
CA Privileged Access Manager (PAM)
Issue/Introduction
How to create PuTTY as a TCP/UDP Service with Automated Logins in PAM?
Environment
PAM 3.x, 4.x
Resolution
The PuTTY TCP/UDP should be configured as:
- Ports: 22
- Protocol: TCP
- Application Protocol: SSH
- Client Application: <PATH TO PuTTY> -ssh <user>@<Local IP> <First Port> -loghost <Device Name>
The "-loghost <Device Name>" argument sets the PuTTY Window title to the device name configured in PAM for the device you are connecting to. If you don't use this argument, all PuTTY sessions will show a connection to the local IP defined in the TCP/UDP service.
Example:
"C:\putty\putty.exe" -ssh <Local IP> <user>@<Local IP> <First Port> -loghost <Device Name>
"C:\putty\putty.exe" -ssh <Local IP> <user>@<Local IP> <First Port> -loghost <Device Name>
Assign the service to a target device, add it in an access policy, and in the policy define a target account for auto-login. When the PAM user clicks on the service icon on the access page, PuTTY should launch and PAM should automatically log on with the credentials configured in the policy.
If PuTTY does not launch for a user, the reason most likely is that this user has PuTTY installed in a different location, not in the path that is defined in the service. In that case the user can click on the "Set or change local application" link in the popup that PAM shows after the service icon is launched, and use a client application string with the correct path for the local client. This needs to include all arguments following the path, like
"C:\my\path\to\putty\putty.exe" -ssh <Local IP> <user>@<Local IP> <First Port> -loghost <Device Name>
Feedback
Yes
No
Powered by
