PAM : Transparent Login example : SSH access over PuTTY in RDP application

book

Article ID: 191890

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

This article describes an example of Transparent login.
SSH access over PuTTY in RDP application.

Environment

PAM Any version

Resolution

Make sure all the prerequisites is satisfied.
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-privileged-access-management/privileged-access-manager/3-3/implementing/configure-policies-to-provision-user-access-to-devices-and-applications/configure-devices/setting-up-transparent-login/set-up-transparent-login-for-rdp-servers.html


1. Create 2 TL configurations (Go to Services > Transparent Login Configurations)

Name: PuTTY - 1st Window
----------------------------------------------------------------------------------------------------
<window id="">
  <edit id="[CLASS:Edit; INSTANCE:1]" host="true"/>
  <click id="[CLASS:Button; INSTANCE:1]"/>
  <sleep time="2000"/>
</window>
----------------------------------------------------------------------------------------------------



Name: PuTTY - 2nd Window
----------------------------------------------------------------------------------------------------
<window id="">
  <send username="true" id="window"/>
  <send text="{ENTER}" id="window"/>
  <sleep time="2000"/>
  <send password="true" id="window"/>
  <send text="{ENTER}" id="window"/>
</window>
----------------------------------------------------------------------------------------------------



2. Create a RDP Application (Go to Services > Manage RDP Applications)

RDP Name: PuTTY TL Test
RDP Path: "C:\Program Files\PuTTY\putty.exe"



Move to Transparent Login tab, enable the Transparent Login checkbox and associate Transparent Login Configuration to each Window Title.
Window Title is very important. In this example, it must be equal to actual Window title of PuTTY.

Window Title: PuTTY Configuration
Associate "PuTTY - 1st Window" Transparent Login Configuration to the Window and enable the RDP Session checkbox

Window Title: <IP Address of Target Linux device> - PuTTY
Associate "PuTTY - 2nd Window" Transparent Login Configuration to the Window and enable the RDP Session checkbox.



In Services tab of Windows device, enable RDP Application you have created.



In policy for the Windows device, the Services tab, select the RDP Application for PuTTY
Add the RDP access account for service and SSH access account as Transparent Login account (Used for PuTTY).



In policy for the Windows device, the Transparent Login tab, check the Enabled checkbox.




Expected outcome with this example RDP Application.

1. An RDP window will launch, transparent Login agent loaded and full desktop loaded.
2. PuTTY application GUI will automatically launch.
3. Transparent Login agent will automatically fill out target device ip address and the credentials for PuTTY GUI.
4. SSH login is automatically completed.

Attachments