ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

The SSH recorded sessions in PAM just show the launched commands

book

Article ID: 187251

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

The recorded SSH sessions are very small, just a few kilobytes in size, and just contain the commands issued by the operator.
Reviewing a recorded session of a SSH connection we made running the commands 'ls -lias' and 'exit', and it looked like this:



Cause

We reviewed the configuration parameters related to the session recording on the PAM server and we found that the 'Text based recording to NFS/CIFS/S3 mounted directory' was set (this is correct):




but in the 'Recording' tab in the policy definition, we found that the 'Bidirectional' checkbox was unchecked:



Environment

Product: Layer 7 Privileged Access Manager
Version: 3.x

Resolution

Open the PAM Client and go to 'Policies / Manage Policies'. Select the policy having the SSH access.
Go to the 'Recording' tab and switch the 'Bidirectional' checkbox ON:



Save the policy.
Go to the 'Access' tab and start the SSH session.
Launch the commands 'ls -lias' and 'exit'.
Go to 'Sessions / Session Recordings' and play the recorded session. Now it should show all the launched commands and their outputs:



Additional Information

See also: Set Up a Policy

Attachments