When troubleshooting an issue, Broadcom Support may need to access the PAM appliance through SSH. As of 4.x PAM, a new SSH debug patch is created monthly. Even though the patch is created monthly, the SSH debug patch will last for 90 days before expiring. This KB will explain how to upload the patch and enable debug services.
Privileged Access Manager, all versions
After logging into the PAM GUI, go to Configuration > Diagnostics > System and ensure that Remote CA PAM Debugging Services is turned off. If the SSH debug file is uploaded while the services are on, they must be turned off then back on in order to access the appliance through SSH.
After ensuring the debugging services are off, go to the Upgrade page and click CHOOSE FILE. Browse to the PAM_SUPPORT_SSH_DEBUG.bin file provided by Support, then click UPLOAD AND APPLY. Once it completes, it will be listed in the Upgrade History.
After applying PAM_SUPPORT_SSH_DEBUG.bin, go back to Diagnostics > System and enable the Debugging Services. Select how long for the services to remain on, up to 30 days, and click SUBMIT to save the change.
Now open Putty and enter the IP or hostname of the appliance. Go to Connection > SSH > Auth and browse to the private key file that accompanied PAM_SUPPORT_SSH_DEBUG.bin. Go back to Session, Enter the hostname or IP again under Saved Sessions, then click Save to save the configuration.