View Source

The Indeed PAM SSH Proxy component is installed on a dedicated server, and installation on an access server is also possible.

Edit Indeed PAM Core configuration file C:\inetpub\wwwroot\api\Web.config. In the appSettings section for the PamProxyIpAddresses key, the allowed IP addresses of SSH Proxy servers along with Indeed PAM Gateway addresses must be listed:

<appSettings>
  ... 
  <!-- Allowed ip addresses-->
  <add key="PamProxyIpAddresses" value="192.168.10.200,192.168.10.202" />
  ...
</appSettings>

Use the console utility (located in \Misc\ConsoleApp) command Pam.ConsoleApp.exe generate-secret to generate a secret and hash.

D:\Indeed.PAM.ConsoleApp>Pam.ConsoleApp.exe generate-secret
Secret: pimqm+UUpw7I7a7SHjYpAGfqZajfuMZi+LHkI0Vmz6uTnZTWH6+j4twC1tnx/2DKKxgSW/wg9IxbN5IAO+CBKA==
Hash: +Q/anzbwy6ikV7LS3LvUsCpThBGzUOWWo76Idcy8c1E=
Done.

Go to the directory C:\Program Files\Indeed PAM\SSH Proxy\SshProxy and edit the file Pam.SshProxy.Service.exe.config:

<pamProxy ... />:

Port - TCP port for incoming SSH connections
ApiUrl - is the URL of Indeed PAM Core
IdpUrl - is the URL of Indeed PAM IdP
SshProxySecret - Secret for client keys for additional component authentication

The hash will need to be specified when setting up Indeed PAM IdP.

After editing the SSH Proxy configuration file, restart the service

C:\>powershell -command "Restart-Service PAM.SshProxy.Service -Force"