search cancel

The SSH recorded sessions in PAM just show the launched commands


Article ID: 187251


Updated On:


CA Privileged Access Manager (PAM)


The recorded SSH sessions are very small, just a few kilobytes in size, and just contain the commands issued by the operator.
Reviewing a recorded session of a SSH connection we made running the commands 'ls -lias' and 'exit', and it looked like this:


We reviewed the configuration parameters related to the session recording on the PAM server and we found that the 'Text based recording to NFS/CIFS/S3 mounted directory' was set (this is correct):

but in the 'Recording' tab in the policy definition, we found that the 'Bidirectional' checkbox was unchecked:


Product: Layer 7 Privileged Access Manager
Version: 3.x


Open the PAM Client and go to 'Policies / Manage Policies'. Select the policy having the SSH access.
Go to the 'Recording' tab and switch the 'Bidirectional' checkbox ON:

Save the policy.
Go to the 'Access' tab and start the SSH session.
Launch the commands 'ls -lias' and 'exit'.
Go to 'Sessions / Session Recordings' and play the recorded session. Now it should show all the launched commands and their outputs:

Additional Information

See also: Set Up a Policy