How to create PuTTY as a TCP/UDP Service with Automated Logins in PAM?

Article ID: 103707

Products

  • CA Privileged Access Manager - Cloakware Password Authority (PA)
  • PAM SAFENET LUNA HSM
  • CA Privileged Access Manager (PAM)

Issue/Introduction

How to create PuTTY as a TCP/UDP Service with Automated Logins in PAM?

Environment

PAM 3.x

Resolution

The PuTTY TCP/UDP service should be configured as follows:

  • Ports: 22
  • Protocol: TCP
  • Application Protocol: SSH
  • Client Application: <PATH TO PuTTY> -ssh <user>@<Local IP> <First Port> -loghost <Device Name>

The "-loghost <Device Name>" argument sets the PuTTY window title to the device name configured in PAM for the device you are connecting to. If you don't use this argument, all PuTTY sessions will show a connection to the local IP defined in the TCP/UDP service.

Example:

"C:\putty\putty.exe" -ssh <Local IP> <user>@<Local IP> <First Port> -loghost <Device Name>

Assign the service to a target device, add it to an access policy, and in the policy define a target account for auto-login. When the PAM user clicks the service icon on the access page, PuTTY should launch and PAM should automatically log on with the credentials configured in the policy.

If PuTTY does not launch for a user, the most likely reason is that the user has PuTTY installed in a different location from the path defined in the service. In that case the user can click the "Set or change local application" link in the popup that PAM shows after the service icon is launched, and enter a client application string with the correct path for the local client. The string must include all arguments following the path, for example:

"C:\my\path\to\putty\putty.exe" -ssh <Local IP> <user>@<Local IP> <First Port> -loghost <Device Name>
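
To find the correct local path for that dialog, a user can run a check like the following on the workstation. This is an added example, not part of the original article or of PAM itself; the candidate install directories are assumptions, and the argument template is copied unchanged from the example above.

```powershell
# Added example: locate the local putty.exe, report its signature status, and
# print the client application string for "Set or change local application".
# The candidate directories below are assumptions; adjust them as needed.

# Argument template from the article; PAM substitutes the <...> tokens itself.
$pamArgs = '-ssh <Local IP> <user>@<Local IP> <First Port> -loghost <Device Name>'

$candidates = @(
    'C:\putty\putty.exe'                             # path used in the article's example
    (Join-Path $env:ProgramFiles 'PuTTY\putty.exe')  # assumed common install location
)
if (${env:ProgramFiles(x86)}) {
    $candidates += Join-Path ${env:ProgramFiles(x86)} 'PuTTY\putty.exe'
}

# Also consider a putty.exe that is reachable through PATH.
$onPath = Get-Command -Name 'putty.exe' -CommandType Application -ErrorAction SilentlyContinue |
    Select-Object -First 1
if ($onPath) { $candidates += $onPath.Path }

# Keep only the candidates that exist as files.
$found = $candidates |
    Where-Object { Test-Path -LiteralPath $_ -PathType Leaf } |
    Select-Object -Unique

if (-not $found) {
    Write-Warning 'putty.exe was not found in any candidate location.'
    return
}

$found | ForEach-Object {
    # Surface the Authenticode status so an unsigned or modified binary is
    # noticed before PAM is pointed at it.
    $sig    = Get-AuthenticodeSignature -LiteralPath $_
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }

    [pscustomobject]@{
        Path              = $_
        SignatureStatus   = $sig.Status
        Signer            = $signer
        ClientApplication = '"{0}" {1}' -f $_, $pamArgs
    }
} | Format-List
```

Copy the `ClientApplication` value for the intended binary into the dialog; a `SignatureStatus` other than `Valid` is worth investigating before that binary is used for privileged sessions.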