Creating secure PAM SSH sessions using your own desktop client side applications like PuTTY, SecureCRT or WinSCP
Ever find yourself stuck between the needs (and demands) of your Administrators, Developers and Contractors and the needs (and demands) of your Security department, Auditors and your CISO?
Your Administrators need quick, easy and efficient access to your business’s privileged accounts and systems, with minimal disruptions to their workflow in order to excel at their job. And trying to get them to use some other piece of software is absolutely out of the question.
On the other hand, you have Auditors and upper management demanding that you secure accounts, keys and access to all of these same systems. They want (and demand) audit reports, granular permissions, constant notifications and other safeguards so your business does not become the next victim of a security breach.
Enter Xton Access Manager which satisfies the very legitimate wants and demands of both sides. Quick, easy and secure native client based password-less access using their own desktop SSH clients (like PuTTY, OpenSSH and SecureCRT) while enforcing audit events, notifications, permissions, access request and password rotation.
The following sections describe how to create secure SSH records in XTAM and then how to use these records in your native desktop clients.
Enabling SSH Proxy in XTAM
Login to XTAM with a System Administrator account
Navigate to Administration > Setting > Parameters
Locate and modify the following settings:
SSH Proxy: Switch this option to Enabled and click the Save button to its right.
SSH Proxy Port: Use or change the port value that XTAM will use for SSH proxy and click the Save button to its right.
Once both settings have been updated and saved, restart the PamManagement service (Windows) or pammanager service (Unix/Linux).
When the service is fully restarted (this can take 1-5 minutes), the SSH proxy module is online.
Creating an SSH session record in XTAM
In XTAM, create a new record using one of the available Unix types. This includes Unix Host (user and password auth), Unix Host with Key (user and ssh key auth), Unix Host with Protected Key (user, ssh key and passphrase auth), Unix Host with SU (user and password with switch user) or any custom record type that utilizes the SSH protocol.
Populate all the fields with your endpoint’s connection details.
Click the Save and Return button.
Your record is now saved and under management in XTAM. All access to this record will be captured in the audit log, including Active and Completed sessions as well as keystrokes. Permissions and workflows can also be applied to your users or groups, ensuring only authorized personnel can access the record. Your CISO, Auditors and Security team are now smiling.
Using your SSH session record in a native SSH Client
Now it's time to make your Administrators, Developers and Contractors happy too.
Open your local SSH client (we will use PuTTY in our example, but most other SSH clients function similarly) and create a new session.
In the Host Name field, enter the hostname of your XTAM server (for example: xtam.company.com).
In the Port field, enter the port number you assigned in the XTAM configuration from the previous section (the default port in XTAM is 2022).
For the Connection Type, select SSH.
Save the session and then Open the SSH connection.
When PuTTY prompts for a login as account, enter a user string as described below:
YourXTAMLoginName#XTAMrecordName or YourXTAMLoginName#XTAMrecordID
For example, if your login to XTAM was the username bwilliams and the XTAM record that contains the SSH details has the name Unix Production Server and ID 41603, then the login string would be bwilliams#Unix Production Server or bwilliams#41603
Press your Enter key.
You will now observe that an Authentication Banner is displayed to illustrate that the session is being provided via the XTAM Secure Shell Proxy.
At the Password prompt, enter the password for your XTAM login
Press your Enter key to complete the authentication process.
After a few moments, you will be connected to the remote SSH endpoint using the secured connection details in the referenced XTAM record.
To confirm that the session is being provided via XTAM, you can navigate to the Session tab of this record and note that there is now an Active session using this record. You can also execute commands in the PuTTY session and see them appear in the XTAM event log.
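The same login string works from a command-line OpenSSH client. The script below is an added example, not part of the XTAM documentation or product: it builds the "YourXTAMLoginName#XTAMrecordName" user string from the page's example values (bwilliams, the record "Unix Production Server" with ID 41603, proxy host xtam.company.com on port 2022) and prints either a ready-to-run ssh command or an ~/.ssh/config stanza. The quoting is the point: record names may contain spaces, and the # separator must reach the proxy intact, so the user string is single-quoted on the command line and double-quoted in ssh_config (ssh_config(5) allows quoted arguments). The helper names are my own.

```shell
#!/bin/sh
# Added example (not from the XTAM documentation): derive the XTAM SSH proxy
# login string and the matching OpenSSH invocation.
# Assumptions: proxy host and port default to the page's example values and
# can be overridden through the environment.
XTAM_HOST="${XTAM_HOST:-xtam.company.com}"
XTAM_PORT="${XTAM_PORT:-2022}"

# xtam_login_string LOGIN RECORD
# Prints "LOGIN#RECORD"; RECORD may be the record name or the record ID.
# Fails if either part is empty or if LOGIN already contains the '#' separator,
# since the proxy splits the string at the first '#'.
xtam_login_string() {
    login="$1"
    record="$2"
    [ -n "$login" ] && [ -n "$record" ] || return 1
    case "$login" in
        *'#'*) return 1 ;;
    esac
    printf '%s#%s\n' "$login" "$record"
}

# xtam_ssh_command LOGIN RECORD
# Prints the ssh command line that connects to the XTAM proxy rather than to
# the endpoint directly. -l is used instead of user@host so that spaces and
# '#' in the user string are not misparsed; the string is single-quoted.
xtam_ssh_command() {
    user=$(xtam_login_string "$1" "$2") || return 1
    printf "ssh -p %s -l '%s' %s\n" "$XTAM_PORT" "$user" "$XTAM_HOST"
}

# xtam_ssh_config_entry ALIAS LOGIN RECORD
# Prints an ~/.ssh/config Host stanza so that "ssh ALIAS" reaches the
# endpoint through the proxy. The User value is double-quoted, which
# ssh_config accepts for arguments containing spaces.
xtam_ssh_config_entry() {
    user=$(xtam_login_string "$2" "$3") || return 1
    printf 'Host %s\n    HostName %s\n    Port %s\n    User "%s"\n' \
        "$1" "$XTAM_HOST" "$XTAM_PORT" "$user"
}

# Usage with the page's example values (prints the commands; does not connect).
xtam_ssh_command bwilliams 41603
xtam_ssh_command bwilliams 'Unix Production Server'
xtam_ssh_config_entry prod-unix bwilliams 41603
```

Whichever form you use, the verification step above still applies: the record's Session tab in XTAM should show an Active session, and commands typed in the terminal should appear in the XTAM event log.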
Example using Command or Terminal Prompt
Example using SecureCRT
Example using WinSCP