
Setting up WINSCP as a TCP/UDP PAM Service

Article ID: 144432

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

PAM lets you define applications as TCP/UDP Services, so that they are launched from within the PAM environment and access to devices through them is controlled by PAM.
This document explains how to add WinSCP as a PAM service.

Environment

Component: Privileged Access Management
Version:  3.4.x, 4.0.x

Resolution

WinSCP can be added to PAM as a TCP/UDP Service.
To do so, fill in the fields in the TCP/UDP service definition window with the following information, assuming WinSCP is installed under C:\Program Files (x86):
 
  Service Name: _WINSCP
  Local IP: 127.0.0.222 (the last octet can be a value other than 222; choose one appropriate for your system)
  Port(s): 22:*
  Protocol: TCP
  Enable: <selected>
  Application Protocol: SSH
  File Transfer: <selected>
  Client Application: "C:\Program Files (x86)\WinSCP\WinSCP.exe" sftp://<User>@<Local IP>:<First Port> /sessionname=<Device Name>
  or, if you want to use SCP instead:
  Client Application: "C:\Program Files (x86)\WinSCP\WinSCP.exe" scp://<User>@<Local IP>:<First Port> /sessionname=<Device Name>
 


The following screenshot shows these settings (the 'Comment' field contains the full command for readability, because the 'Client Application' field does not display its full contents):



Then add this service to the device you want to connect to using WinSCP, as shown in the image:





Next, create or modify a policy to access it:





Finally, add the proper target account to perform the automatic login to WinSCP:





Access to the device should now show the WINSCP service as available:
