Setting up PuTTY as a TCP/UDP PAM Service
Issue/Introduction:
PAM allows the inclusion of several applications as TCP/UDP Services to be invoked from within its environment and control the access to the devices through these applications.
This document explains how to add PuTTY as a PAM service.
Environment:
Layer 7 Privileged Access Management
Version 3.x
Resolution:
PuTTY can be added to PAM as a TCP/UDP Service.
To do so, fill up the fields in the TCP/UDP service definition window with the following information:
Service Name: _PuTTY SSH
Local IP: 127.0.0.5 (the last byte can be other than 5, choose the proper one in your system)
Port(s): 22
Protocol: TCP
Enable: <selected>
Application Protocol: SSH
Client Application: "C:\Program Files\PuTTY\putty.exe" -ssh <Local IP> <First Port> -l <User> -pw <Password>
Just like it is shown in the following screenshot (the 'Comment' field contains the full command for readability, as the 'Client Application' field is not showing the full contents):
Then add this service to the device you want to connect to using PuTTY, as shown in the image:
And finally create or modify a policy to access it:
And add the proper target account to perform the auto login to PuTTY:
Now the Access to the device should show the WINSCP service available:
To do so, fill up the fields in the TCP/UDP service definition window with the following information:
Service Name: _PuTTY SSH
Local IP: 127.0.0.5 (the last byte can be other than 5, choose the proper one in your system)
Port(s): 22
Protocol: TCP
Enable: <selected>
Application Protocol: SSH
Client Application: "C:\Program Files\PuTTY\putty.exe" -ssh <Local IP> <First Port> -l <User> -pw <Password>
Just like it is shown in the following screenshot (the 'Comment' field contains the full command for readability, as the 'Client Application' field is not showing the full contents):
Then add this service to the device you want to connect to using PuTTY, as shown in the image:
And finally create or modify a policy to access it:
And add the proper target account to perform the auto login to PuTTY:
Now the Access to the device should show the WINSCP service available:
Additional Information:
Most of the external applications configured as PAM TCP/UDP services, do not support session recording.
For PuTTY the session recording is supported.
For checking the command line parameters for PuTTY please visit:
3.8.3 PuTTY STANDARD COMMAND-LINE OPTIONS