How can I make PAM show the actual target device address instead of the loopback address when accessing it via SecureCRT defined in PAM as a TCP/UDP Service?
search cancel

How can I make PAM show the actual target device address instead of the loopback address when accessing it via SecureCRT defined in PAM as a TCP/UDP Service?

book

Article ID: 138208

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

It may be needed that several SSH connections were started simultaneously to different devices using SecureCRT, defined as a TCP service, from within PAM.

When opening several SSH sessions SecureCRT shows a tab for each of them. 

By default, the tabs show the IP address of the target device, which in the case of the sessions opened from PAM is the loopback address, as shown in the capture:


  


The challenge here is to identify the target of each connection as all of them show the loopback address.

Environment

PRIVILEGED ACCESS MANAGEMENT 3.x and above.

Resolution

Definitively PAM cannot deal with these tabs, as they belong to SecureCRT. 

However, configuring SecureCRT with some parameters may help. 

Please, modify the TCP Service line in PAM with one similar to the following one:


""C:\Program Files\VanDyke Software\SecureCRT81\securecrt.exe " /T /N "<Device Name>" /TITLEBAR "Launched By PAM" /SSH2 <Local IP> /P <First Port>" 


NOTE: Please make sure that the full path to securecrt.exe matches the one on your workstation.


This will show in each tab for a terminal opened from PAM the IP of the originating host

Additional Information

See also: SecureCRT – Command Line Options
Powered by Wolken Software