Configure Platforms for PSM for SSH Connections

This topic describes how to verify that a platform is configured for connections through PSM for SSH.

  1. Log onto the Password Vault Web Access as a user with permission to configure platforms.

  2. Click ADMINISTRATION to display the System Configuration page, then click Platform Management to display a list of supported target account platforms.

  3. Select the platform in which you will enable PSM for SSH, then click Edit; the settings page for the selected platform appears.

  4. Expand UI & Workflows, and then expand Connection Components, and make sure that the PSMP-SSH Connection Component is defined and enabled. Further, to enable users to copy files with PSM for SSH make sure that the PSMP-SCPand PSM-SFTP Connection Components are defined and enabled.

  5. Expand UI & Workflows, and then select Privileged Session Management; the PSM parameters are displayed with their default values.

  6. To enable PSM to use accounts that are required to initiate PSM connections without requiring confirmation, even if the Safes are configured for Dual Control, change the value of DisableDualControlForPSMConnections to Yes.

  7. Click Apply to save the new parameter values and stay in the same page,

or,

Click OK to save them and return to the System Configuration page.

  1. Log onto the PrivateArk Client with an administrative user.

  2. Open the PVWAConfig Safe and retrieve and open the Policies.xml configuration file.

  3. Identify the node that defines the platform you enabled for PSM for SSH in the PVWA.

  4. In the PrivilegedSessionManagement parameters, set the Enable property to Yes.

    The following example shows how to enable connections through PSM for SSH for the CiscoSSH platform:

      
    <Policy ID="CiscoSSH" PlatformBaseID="CiscoSSH" PlatformBaseType="Cisco" PlatformBaseProtocol="SSH">



    			<PrivilegedSessionManagement Enable="Yes">

    			   <ConnectionComponents>

    			      <ConnectionComponent Id="PSMP-SSH" />

    			      …

    			   </ConnectionComponents>



    		</Policy>

  5. Save the Policies.xml file and return it to the PVWAConfig Safe.

  1. Restart the psmpsrv service to apply the configuration changes:

    At a command line, run the following commands:

    • RHEL7, SUSE11, SUSE12

        
      service psmpsrv stop
      service psmpsrv start

    • RHEL8

        
      systemctl stop psmpsrv
      systemctl start psmpsrv