The Indeed PAM SSH Proxy component is installed on a dedicated server, and installation on an access server is also possible.

Edit Indeed PAM Core configuration file C:\inetpub\wwwroot\api\Web.config. In the appSettings section for the PamProxyIpAddresses key, the allowed IP addresses of SSH Proxy servers along with Indeed PAM Gateway addresses must be listed:

<appSettings>
  ... 
  <!-- Allowed ip addresses-->
  <add key="PamProxyIpAddresses" value="192.168.10.200,192.168.10.202" />
  ...
</appSettings>

Use the console utility (located in \Misc\ConsoleApp) command Pam.ConsoleApp.exe generate-secret to generate a secret and hash.

D:\Indeed.PAM.ConsoleApp>Pam.ConsoleApp.exe generate-secret
Secret: pimqm+UUpw7I7a7SHjYpAGfqZajfuMZi+LHkI0Vmz6uTnZTWH6+j4twC1tnx/2DKKxgSW/wg9IxbN5IAO+CBKA==
Hash: +Q/anzbwy6ikV7LS3LvUsCpThBGzUOWWo76Idcy8c1E=
Done.

Go to the directory C:\Program Files\Indeed PAM\SSH Proxy\SshProxy and edit the file Pam.SshProxy.Service.exe.config: 

<pamProxy ... />:

  • Port - TCP port for incoming SSH connections
  • ApiUrl - is the URL of Indeed PAM Core

  • IdpUrl - is the URL of Indeed PAM IdP

  • SshProxySecret - Secret for client keys for additional component authentication

The hash will need to be specified when setting up Indeed PAM IdP.

After editing the SSH Proxy configuration file, restart the service

C:\>powershell -command "Restart-Service PAM.SshProxy.Service -Force"


  • No labels