The SSH recorded sessions in PAM just show the launched commands
Article ID: 187251
Updated On:
Products
CA Privileged Access Manager (PAM)
Issue/Introduction
The recorded SSH sessions are very small, just a few kilobytes in size, and just contain the commands issued by the operator.
Reviewing a recorded session of a SSH connection we made running the commands 'ls -lias' and 'exit', and it looked like this:
Reviewing a recorded session of a SSH connection we made running the commands 'ls -lias' and 'exit', and it looked like this:
Environment
Product: Layer 7 Privileged Access Manager
Version: 3.x
Version: 3.x
Cause
We reviewed the configuration parameters related to the session recording on the PAM server and we found that the 'Text based recording to NFS/CIFS/S3 mounted directory' was set (this is correct):
but in the 'Recording' tab in the policy definition, we found that the 'Bidirectional' checkbox was unchecked:
but in the 'Recording' tab in the policy definition, we found that the 'Bidirectional' checkbox was unchecked:
Resolution
Open the PAM Client and go to 'Policies / Manage Policies'. Select the policy having the SSH access.
Go to the 'Recording' tab and switch the 'Bidirectional' checkbox ON:
Save the policy.
Go to the 'Access' tab and start the SSH session.
Launch the commands 'ls -lias' and 'exit'.
Go to 'Sessions / Session Recordings' and play the recorded session. Now it should show all the launched commands and their outputs:
Go to the 'Recording' tab and switch the 'Bidirectional' checkbox ON:
Save the policy.
Go to the 'Access' tab and start the SSH session.
Launch the commands 'ls -lias' and 'exit'.
Go to 'Sessions / Session Recordings' and play the recorded session. Now it should show all the launched commands and their outputs:
Additional Information
See also: Set Up a Policy
Attachments
Feedback
Yes
No
Powered by
