You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

The Indeed PAM SSH Proxy component is installed on a dedicated server, and installation on an access server is also possible.

Edit Indeed PAM Core configuration file C:\inetpub\wwwroot\api\Web.config. In the appSettings section for the PamProxyIpAddresses key, the allowed IP addresses of SSH Proxy servers along with Indeed PAM Gateway addresses must be listed:

<appSettings>
  ... 
  <!-- Allowed ip addresses-->
  <add key="PamProxyIpAddresses" value="192.168.10.200,192.168.10.202" />
  ...
</appSettings>

Use the console utility command Pam.ConsoleApp.exe generate-secret to generate a secret and hash.

D:\Indeed.PAM.ConsoleApp>Pam.ConsoleApp.exe generate-secret
Secret: pimqm+UUpw7I7a7SHjYpAGfqZajfuMZi+LHkI0Vmz6uTnZTWH6+j4twC1tnx/2DKKxgSW/wg9IxbN5IAO+CBKA==
Hash: +Q/anzbwy6ikV7LS3LvUsCpThBGzUOWWo76Idcy8c1E=
Done.

Go to the directory C:\Program Files\Indeed PAM\SSH Proxy\SshProxy and edit the file Pam.SshProxy.Service.exe.config: 

<pamProxy ... />:

  • Port - TCP port for incoming SSH connections
  • ApiUrl - is the URL of Indeed PAM Core

  • IdpUrl - is the URL of Indeed PAM IdP

  • SshProxySecret - Secret for client keys for additional component authentication

Хэш нужно будет указать при настройке Indeed PAM IdP.

After editing the SSH Proxy configuration file, restart the service

C:\>powershell -command "Restart-Service PAM.SshProxy.Service -Force"


  • No labels