Imprivata Privileged Access Management Product Update 2.3.201902102231

February 10, 2019

PAM Update: Adds support for public key authentication for personal accounts when using native SSH applications

The highlight of this update is support for public key authentication for personal accounts when establishing high-trust connections to remote devices using native SSH applications such as SSH shell, SecureCRT or PuTTY.

PAM SSH Proxy lets native SSH applications such as SSH Shell, PuTTY, SecureCRT, MobaXTerm, ssh.com, etc. establish high-trust connections to remote servers using the personal account (managed by Microsoft AD, eDirectory or PAM itself), without knowledge of the actual (shared or privileged) account on the destination server.

PAM SSH Proxy allows connection to remote servers using either user/password or private/public key authentication, as supported by the remote server for this account. However, until this update, the personal account could authenticate to the PAM SSH Proxy server itself only with the user/password method.

This update adds the option to use a private/public key pair to authenticate to PAM SSH Proxy, both for browsing available assets and connecting to them using the PAM SSH Proxy shell and for connecting directly to the remote servers.

Using a private key authentication mechanism when connecting to remote SSH servers simplifies access, promotes automation, reduces the number of passwords and increases overall network security.

Note that it is possible to use the public/private key authentication method for the PAM personal account while connecting to remote servers using either user/password or key-based authentication.

To enable this option, upload the public key of the pair generated by PuTTY, ssh-keygen or any other mechanism to the PAM server using the Management / My Profile / Preferences / Ssh2 Public Key controls. Alternatively, generate a new key pair using the same controls and download the private key to use during connection.

Note that PAM stores only public keys in the user’s profile of the PAM vault. The keys are not stored in the back end user directory (such as Active Directory).
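
A pre-upload check for the key upload step above, as an added example that is not part of the Imprivata documentation or product: it confirms that the text about to be pasted is the public half of the pair and returns the SHA256 fingerprint to record next to the profile. It assumes the one-line OpenSSH format written by ssh-keygen (the page does not say which formats the Ssh2 Public Key control accepts); the function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct

# Strings that appear in private key files (PEM/OpenSSH headers, PuTTY .ppk).
PRIVATE_MARKERS = ("PRIVATE KEY", "PuTTY-User-Key-File")

def read_string(blob, offset):
    """Read one length-prefixed string in SSH wire format (RFC 4251)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end

def check_public_key(text):
    """Return (key_type, fingerprint) for a one-line public key, else raise."""
    if any(marker in text for marker in PRIVATE_MARKERS):
        raise ValueError("private key material; upload only the public half")
    fields = text.strip().split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared, body = fields[0], fields[1]
    try:
        blob = base64.b64decode(body, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("key body is not valid base64") from exc
    embedded, _ = read_string(blob, 0)
    if embedded.decode("ascii", "replace") != declared:
        raise ValueError("declared key type does not match the key blob")
    # Same form as `ssh-keygen -lf key.pub`: unpadded base64 of SHA-256(blob).
    digest = hashlib.sha256(blob).digest()
    return declared, "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def sample_ed25519_line():
    """Constructed sample: ed25519-shaped blob with a dummy 32-byte key."""
    parts = [b"ssh-ed25519", bytes(range(32))]
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " alice@example"

if __name__ == "__main__":
    print(check_public_key(sample_ed25519_line()))
```

The fingerprint it returns can be compared with the output of `ssh-keygen -lf` on the same public key file to confirm the right key was uploaded.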