Remote CLI Unix Target Account SSH-Key Authentication

Article ID: 143070

Products

CA Privileged Access Manager (PAM), CA Privileged Access Manager - Cloakware Password Authority (PA), CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

Creation of a target account with SSH-Key Authentication using the remote CLI on Unix fails with a 400 error.

Environment

Applies to any PAM release

Cause

The problem is related to parsing the multi line parameter of the private key in the CLI command.

Resolution

Since the private key cannot be written on a single line, it needs to be Base64 encoded to preserve the actual key, and an additional argument must be passed to indicate that the password is Base64 encoded. Base64 is an encoding, not encryption, so the encoded string must be protected like the private key itself.

When TargetAccount.password is Base64 encoded, it is necessary to pass the extra attribute passwordIsBase64Encoded.

Use the TargetAccount.synchronize=true parameter.

For example:

capam_command adminUserID=super adminPassword=xxx capam=PAM_IP \
    cmdName=addTargetAccount \
    TargetServer.hostName=HOSTNAME-OR-IP \
    TargetApplication.name=APPLICATION_NAME \
    TargetAccount.userName=root \
    TargetAccount.password="PRIVATE_KEY_BASE64_STRING" \
    Attribute.protocol=SSH2_PUBLIC_KEY_AUTH \
    "Attribute.publicKey=ssh-rsa PUBLIC_KEY_STRING" \
    Attribute.passwordChangeMethod=IS_ROOT_ACCOUNT \
    Attribute.useOtherAccountToChangePassword=false \
    TargetAccount.privileged=true \
    TargetAccount.synchronize=false \
    Attribute.passphrase=changeit \
    passwordIsBase64Encoded=true
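
The encoding step described above, as an added shell example (not part of the vendor article): it produces the single-line Base64 value for TargetAccount.password, strips the line wrapping that base64 tools add by default, and checks that the value decodes back to the original file. The function names and the sample key are constructed for illustration; capam_command itself is not invoked.

```shell
#!/bin/sh
# Added example; function names and the sample key are constructed.

# Encode a file as Base64 on ONE line. Many base64 tools wrap their
# output (GNU coreutils wraps at 76 columns), which would bring back
# the multi-line parsing problem, so every CR/LF is stripped.
encode_key_single_line() {
    base64 < "$1" | tr -d '\r\n'
}

# Succeeds only if the encoded value decodes to the exact original bytes.
verify_round_trip() {
    printf '%s\n' "$2" | base64 -d 2>/dev/null | cmp -s - "$1"
}

# Print the two arguments the article says to pass together.
build_key_args() {
    encoded=$(encode_key_single_line "$1") || return 1
    [ -n "$encoded" ] || return 1
    verify_round_trip "$1" "$encoded" || return 1
    printf 'TargetAccount.password=%s passwordIsBase64Encoded=true\n' "$encoded"
}

# Constructed multi-line stand-in for a private key file (not a real key),
# created with owner-only permissions. Prints the temporary file's path.
make_sample_key() {
    (
        umask 077
        f=$(mktemp) || exit 1
        cat > "$f" <<'EOF'
-----BEGIN CONSTRUCTED SAMPLE KEY-----
CONSTRUCTED-SAMPLE-DATA-NOT-A-REAL-KEY-000000000000000000000000000000
CONSTRUCTED-SAMPLE-DATA-NOT-A-REAL-KEY-111111111111111111111111111111
-----END CONSTRUCTED SAMPLE KEY-----
EOF
        printf '%s\n' "$f"
    )
}

# Demonstration run on the constructed sample.
sample=$(make_sample_key)
build_key_args "$sample"
rm -f "$sample"
```
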