CLI Unix Target Account SSH-Key Authentication

Article ID: 143070

Products

CA Privileged Access Manager (PAM)
CA Privileged Access Manager - Cloakware Password Authority (PA)
PAM SAFENET LUNA HSM
CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

Target account SSH-key authentication in the CLI for a Unix target fails with a 400 error.

Cause

The problem is related to parsing the multi-line private key parameter in the CLI command.

Environment

Release: 3.2

Component: PRIVILEGED ACCESS MANAGEMENT

Resolution

Because the private key cannot be written on a single line, it must be Base64 encoded to preserve the actual key, and an additional argument must be passed to indicate that the password is Base64 encoded.

When TargetAccount.password is Base64 encoded, it is necessary to pass the extra attribute passwordIsBase64Encoded.

Use the TargetAccount.synchronize=true parameter.

For example:

capam_command adminUserID=super adminPassword=xxx capam=PAM_IP cmdName=addTargetAccount TargetServer.hostName=HOSTNAME-OR-IP TargetApplication.name=APPLICATION_NAME TargetAccount.userName=root TargetAccount.password="TARGET_ACCOUNT_PASSWORD" Attribute.protocol=SSH2_PUBLIC_KEY_AUTH "Attribute.publicKey=ssh-rsa PUBLIC_KEY_STRING " Attribute.passwordChangeMethod=IS_ROOT_ACCOUNT Attribute.useOtherAccountToChangePassword=false TargetAccount.privileged=true TargetAccount.synchronize=false Attribute.passphrase=changeit passwordIsBase64Encoded=true
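
One way to produce the single-line Base64 value described in the Resolution, as an added example that is not part of the original article or the product. It assumes a POSIX shell with base64, tr and cmp available; the function names are hypothetical and the sample key is a constructed placeholder.

```shell
#!/bin/sh
# Added example: turn a multi-line private key into the single-line Base64
# value for TargetAccount.password. Function names are hypothetical.

# Constructed sample input: a multi-line placeholder, not a real key.
make_sample_key() {
    cat > "$1" <<'EOF'
-----BEGIN OPENSSH PRIVATE KEY-----
CONSTRUCTEDsampleONLYnotAREALkey0000000000000000000000000000000000
CONSTRUCTEDsampleONLYnotAREALkey1111111111111111111111111111111111
-----END OPENSSH PRIVATE KEY-----
EOF
}

# encode_key FILE: print FILE as Base64 on one line.
encode_key() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    # GNU base64 wraps output at 76 columns; strip every line break so the
    # value survives as a single CLI argument.
    base64 < "$1" | tr -d '\r\n'
}

# verify_key FILE B64: succeed only if B64 decodes to FILE byte for byte.
verify_key() {
    printf '%s' "$2" | base64 -d | cmp -s - "$1"
}

# password_args FILE: print the two arguments the article pairs together,
# after checking that the encoding round-trips.
password_args() {
    b64=$(encode_key "$1") || return 1
    verify_key "$1" "$b64" || { echo "round-trip check failed" >&2; return 1; }
    printf 'TargetAccount.password=%s passwordIsBase64Encoded=true\n' "$b64"
}

# Usage: sh encode_key.sh /path/to/private_key
if [ "$#" -gt 0 ]; then
    password_args "$1"
fi
```

Base64 is an encoding, not encryption: the resulting string is equivalent to the private key itself, and a value passed on the command line is visible in shell history and process listings on the host where the CLI runs.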