Versions Compared
Key
- This line was added.
- This line was removed.
- Formatting was changed.
The Indeed PAM SSH Proxy component is installed on a dedicated server, and installation on an access server is also possible.
Edit Indeed PAM Core configuration file C:\inetpub\wwwroot\api\Web.config. In the appSettings section for the PamProxyIpAddresses key, the allowed IP addresses of SSH Proxy servers along with Indeed PAM Gateway addresses must be listed:
| Code Block | ||
|---|---|---|
| ||
<appSettings>
...
<!-- Allowed ip addresses-->
<add key="PamProxyIpAddresses" value="192.168.10.200,192.168.10.202" />
...
</appSettings> |
Use the console utility (located in \Misc\ConsoleApp) command Pam.ConsoleApp.exe generate-secret to generate a secret and hash.
| Code Block | ||
|---|---|---|
| ||
D:\Indeed.PAM.ConsoleApp>Pam.ConsoleApp.exe generate-secret
Secret: pimqm+UUpw7I7a7SHjYpAGfqZajfuMZi+LHkI0Vmz6uTnZTWH6+j4twC1tnx/2DKKxgSW/wg9IxbN5IAO+CBKA==
Hash: +Q/anzbwy6ikV7LS3LvUsCpThBGzUOWWo76Idcy8c1E=
Done. |
Go to the directory C:\Program Files\Indeed PAM\SSH Proxy\SshProxy and edit the file Pam.SshProxy.Service.exe.config:
<pamProxy ... />:
- Port - TCP port for incoming SSH connections
- ApiUrl - is the URL of Indeed PAM Core
IdpUrl - is the URL of Indeed PAM IdP
SshProxySecret - Secret for client keys for additional component authentication
Note icon false
secret is generated by the console utility Pam.ConsoleApp.exe
Code Block language xml <pamProxy Port="22" ApiUrl="https://pam.domain.local/pam/core" IdpUrl="https://pam.domain.local/pam/idp" SshProxySecret="sL3EwbV91dJnEhcw75Dl0xkamylQMMAjBj0dQF6xWqfQZ+Dgu06JgkQJH+anWABthQzQyBdtWk8s6oNuvgEpRA==" />
After editing the SSH Proxy configuration file, restart the PAM.SshProxy.Service service
| Code Block | ||||
|---|---|---|---|---|
| ||||
C:\>powershell -command "Restart-Service PAM.SshProxy.Service -Force" |