Enabling SSH Proxy in XTAM
- Log in to XTAM with a System Administrator account
- Navigate to Administration > Setting > Parameters
- Locate and modify the following settings:
  - SSH Proxy: Switch this option to Enabled and click the Save button to its right.
  - SSH Proxy Port: Use or change the port value that XTAM will use for SSH proxy and click the Save button to its right.
- Once both settings have been updated and saved, restart the PamManagement service (Windows) or pammanager service (Unix/Linux).
- When the service has fully restarted (this can take 1-5 minutes), the SSH proxy module is online.
Controlling the list of channels
To control the list of channels available in SSH Proxy at the system-wide level, use the global parameter SSH Proxy Allowed Channels.
This parameter controls which channels/subsystems client software is allowed to use when connecting through the SSH Proxy server.
Supported channels are:
- shell - Allow shell connection
- exec - Allow remote command execution including scp transfer
- sftp - Allow file transfer using SFTP protocol
- tunnel - Allow SSH tunnels over SSH Proxy
The system-wide setting can be overridden at the record level using a String custom field named SshChannels.
There are two scenarios to override channel settings:
- List the channels allowed for the current record. This will allow only the shell and exec channels to open: shell, exec
- Use the system defaults but add or remove specific channels. This will use the setting from the system parameter but allow the sftp channel and deny the tunnel channel: +sftp,-tunnel
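The two override scenarios above can be modelled to audit which records still permit a given channel. This is an added example, not XTAM code: the function names, the comma-separated format assumed for the global parameter, the rejection of mixed list and +/- entries, and the sample records are all assumptions.

```python
# Added example, not XTAM code: models the documented SshChannels rules.
SUPPORTED = ("shell", "exec", "sftp", "tunnel")  # channel names from the page


def _tokens(value):
    # Assumption: values are comma-separated; case and spaces are ignored.
    return [t.strip().lower() for t in (value or "").split(",") if t.strip()]


def _validate(name):
    if name not in SUPPORTED:
        raise ValueError(f"unknown channel: {name!r}")
    return name


def effective_channels(system_allowed, record_override=None):
    """Channels a record permits, given the global value and its override."""
    base = {_validate(t) for t in _tokens(system_allowed)}
    tokens = _tokens(record_override)
    signed = [t for t in tokens if t[0] in "+-"]
    if not tokens:                      # no override: system defaults apply
        result = base
    elif not signed:                    # scenario 1: explicit list
        result = {_validate(t) for t in tokens}
    elif len(signed) == len(tokens):    # scenario 2: adjust system defaults
        result = set(base)
        for t in tokens:
            name = _validate(t[1:].strip())
            if t[0] == "+":
                result.add(name)
            else:
                result.discard(name)
    else:
        # Assumption: mixing both forms is rejected rather than guessed at.
        raise ValueError(f"mixed list and +/- entries: {record_override!r}")
    return [c for c in SUPPORTED if c in result]


def records_allowing(channel, system_allowed, overrides):
    """Audit helper: records whose effective set still includes `channel`."""
    return sorted(name for name, value in overrides.items()
                  if channel in effective_channels(system_allowed, value))


# Constructed sample data: a global value and three hypothetical records.
SYSTEM = "shell, exec, tunnel"
RECORDS = {"db-01": "shell, exec", "web-01": "+sftp,-tunnel", "jump-01": None}

if __name__ == "__main__":
    for name, value in RECORDS.items():
        print(name, effective_channels(SYSTEM, value))
    print("tunnel allowed on:", records_allowing("tunnel", SYSTEM, RECORDS))
```

A record with no SshChannels value inherits every globally allowed channel, so restricting tunnel or sftp in the global parameter narrows all records that do not explicitly add them back.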
PKCS#8 private key format support
XTAM accepts the PKCS#8 private key format when establishing connections to remote SSH end-points.
This option simplifies the process of on-boarding assets by supporting more key formats without the requirement to convert them to more popular ones.
Note: password-encrypted PKCS#8 keys still need to be converted to one of the other supported formats before on-boarding them into the system records.
XTAM supports the PEM RSA, PEM OpenSSH, PPK and PKCS#8 private key formats when establishing WEB SSH sessions, SSH Proxy sessions or executing jobs on remote servers using both the SSH Remote and Interactive SSH execution strategies, with either the JSCH or SSHD driver.