Versions Compared
Key
- This line was added.
- This line was removed.
- Formatting was changed.
The Indeed PAM SSH Proxy component is installed on a dedicated server, and installation on an access server is also possible.
Edit Indeed PAM Core configuration file C:\inetpub\wwwroot\api\Web.config. In the appSettings section for the PamProxyIpAddresses key, the allowed IP addresses of SSH Proxy servers along with Indeed PAM Gateway addresses must be listed:
| Code Block | ||
|---|---|---|
| ||
<appSettings> ... <!-- Allowed ip addresses--> <add key="PamProxyIpAddresses" value="192.168.10.200,192.168.10.202" /> ... </appSettings> |
Use the console utility (located in \Misc\ConsoleApp) command Pam.ConsoleApp.exe generate-secret to generate a secret and hash.
| Code Block | ||
|---|---|---|
| ||
D:\Indeed.PAM.ConsoleApp>Pam.ConsoleApp.exe generate-secret Secret: pimqm+UUpw7I7a7SHjYpAGfqZajfuMZi+LHkI0Vmz6uTnZTWH6+j4twC1tnx/2DKKxgSW/wg9IxbN5IAO+CBKA== Hash: +Q/anzbwy6ikV7LS3LvUsCpThBGzUOWWo76Idcy8c1E= Done. |
Go to the directory C:\Program Files\Indeed PAM\SSH Proxy\SshProxy and edit the file Pam.SshProxy.Service.exe.config:
<pamProxy ... />:
- Port - TCP port for incoming SSH connections
- ApiUrl - is the URL of Indeed PAM Core
IdpUrl - is the URL of Indeed PAM IdP
- SshProxySecret - Secret for client keys for additional component authentication
| Warning | ||
|---|---|---|
| ||
The hash will need to be specified when setting up Indeed PAM IdP. |
After editing the SSH Proxy configuration file, restart the service
| Code Block | ||||
|---|---|---|---|---|
| ||||
C:\>powershell -command "Restart-Service PAM.SshProxy.Service -Force" |