PAM : Transparent Login example : SSH access over PuTTY in RDP application
Article ID: 191890
Updated On: 04-04-2023
Products
CA Privileged Access Manager (PAM)
Issue/Introduction
This article describes an example of Transparent login.
SSH access over PuTTY in RDP application.
SSH access over PuTTY in RDP application.
Environment
PAM Any version
Resolution
Make sure all the prerequisites are satisfied.
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/privileged-access-manager/4-1-2/configure-policies-to-provision-user-access-to-devices-and-applications/configure-devices/setting-up-transparent-login.html
1. Create 2 TL configurations (Go to Services > Transparent Login Configurations)
Name: PuTTY - 1st Window
----------------------------------------------------------------------------------------------------
<window id="">
<edit id="[CLASS:Edit; INSTANCE:1]" host="true"/>
<click id="[CLASS:Button; INSTANCE:1]"/>
<sleep time="2000"/>
</window>
----------------------------------------------------------------------------------------------------
Name: PuTTY - 2nd Window
----------------------------------------------------------------------------------------------------
<window id="">
<send username="true" id="window"/>
<send text="{ENTER}" id="window"/>
<sleep time="2000"/>
<send password="true" id="window"/>
<send text="{ENTER}" id="window"/>
</window>
----------------------------------------------------------------------------------------------------
2. Create a RDP Application (Go to Services > Manage RDP Applications)
RDP Name: PuTTY TL Test
RDP Path: "C:\Program Files\PuTTY\putty.exe"
Move to Transparent Login tab, enable the Transparent Login checkbox and associate Transparent Login Configuration to each Window Title.
Window Title is very important. In this example, it must be equal to actual Window title of PuTTY.
Window Title: PuTTY Configuration
Associate "PuTTY - 1st Window" Transparent Login Configuration to the Window and enable the RDP Session checkbox
Window Title: <IP Address of Target Linux device> - PuTTY
Associate "PuTTY - 2nd Window" Transparent Login Configuration to the Window and enable the RDP Session checkbox.
In Services tab of Windows device, enable RDP Application you have created.
In policy for the Windows device, the Services tab, select the RDP Application for PuTTY
Add the RDP access account for service and SSH access account as Transparent Login account (Used for PuTTY).
In policy for the Windows device, the Transparent Login tab, check the Enabled checkbox.
Expected outcome with this example RDP Application.
1. An RDP window will launch, transparent Login agent loaded and full desktop loaded.
2. PuTTY application GUI will automatically launch.
3. Transparent Login agent will automatically fill out target device ip address and the credentials for PuTTY GUI.
4. SSH login is automatically completed.
1. Create 2 TL configurations (Go to Services > Transparent Login Configurations)
Name: PuTTY - 1st Window
----------------------------------------------------------------------------------------------------
<window id="">
<edit id="[CLASS:Edit; INSTANCE:1]" host="true"/>
<click id="[CLASS:Button; INSTANCE:1]"/>
<sleep time="2000"/>
</window>
----------------------------------------------------------------------------------------------------
Name: PuTTY - 2nd Window
----------------------------------------------------------------------------------------------------
<window id="">
<send username="true" id="window"/>
<send text="{ENTER}" id="window"/>
<sleep time="2000"/>
<send password="true" id="window"/>
<send text="{ENTER}" id="window"/>
</window>
----------------------------------------------------------------------------------------------------
2. Create a RDP Application (Go to Services > Manage RDP Applications)
RDP Name: PuTTY TL Test
RDP Path: "C:\Program Files\PuTTY\putty.exe"
Move to Transparent Login tab, enable the Transparent Login checkbox and associate Transparent Login Configuration to each Window Title.
Window Title is very important. In this example, it must be equal to actual Window title of PuTTY.
Window Title: PuTTY Configuration
Associate "PuTTY - 1st Window" Transparent Login Configuration to the Window and enable the RDP Session checkbox
Window Title: <IP Address of Target Linux device> - PuTTY
Associate "PuTTY - 2nd Window" Transparent Login Configuration to the Window and enable the RDP Session checkbox.
In Services tab of Windows device, enable RDP Application you have created.
In policy for the Windows device, the Services tab, select the RDP Application for PuTTY
Add the RDP access account for service and SSH access account as Transparent Login account (Used for PuTTY).
In policy for the Windows device, the Transparent Login tab, check the Enabled checkbox.
Expected outcome with this example RDP Application.
1. An RDP window will launch, transparent Login agent loaded and full desktop loaded.
2. PuTTY application GUI will automatically launch.
3. Transparent Login agent will automatically fill out target device ip address and the credentials for PuTTY GUI.
4. SSH login is automatically completed.
Feedback
Yes
No
Powered by
