PSM and PSM for SSH connector properties

This topic includes reference information on PSM and PSM for SSH properties that can be configured in the Privilege Cloud Portal from Administration > Configuration Options.

How do I access these configuration options?

To access these settings, in the Privilege Cloud portal, go to Administration > Configuration Options > Connection Components.

Privileged SSO and transparent connections

These parameters define settings for privileged SSO and transparent connections to remote devices, either directly or through PSM.

EnableConnectAddressHistory
Description Determines whether or not a list of addresses accessed with the selected account will be displayed in the Connect with Account window.
Acceptable Values Yes/No
Default Value Yes
MaxConnectHistory
Description Defines the maximum number of remote machine addresses that can be displayed in the Connect with Account window. The address history is saved per account for each PVWA user.
Acceptable Values Number
Default Value 7
MaxConnectAccountsNumber
Description Defines the maximum number of accounts whose machine addresses history will be displayed in the Connect with Account window.
Acceptable Values Number
Default Value 20
MaxScriptFileSizeInKB
Description Defines the maximum size in KB of a connection component script file.
Acceptable Values Number
Default Value 1024

Connector-specific properties

These parameters define settings for privileged SSO or transparent connections to remote devices for a specific connection component, such as PSM-RDP and PSM-SSH.

ID
Description The unique identifier of the connection component.
Default Value
FullScreen
Description Whether or not the remote desktop window will be opened in full screen mode. The full screen mode opens a new window with an additional window for logon. You can toggle between screen modes with Alt+Ctrl+Break. The RemoteApp user experience enables standard window resizing capabilities, so this parameter does not apply to RemoteApp.
Default Value No
Height
Description The height in pixels of the desktop resolution on the remote machine. The height of the window that is opened on the remote desktop is calculated from this parameter. The RemoteApp user experience enables standard window resizing capabilities, so this parameter does not apply to RemoteApp.
Default Value 768 pixels
Width
Description The width in pixels of the desktop resolution on the remote machine. The width of the window that is opened on the remote desktop is calculated from this parameter. The RemoteApp user experience enables standard window resizing capabilities, so this parameter does not apply to RemoteApp.
Default Value 1024 pixels
Type
Description Specifies the interface that is used for the connection. This is an internal parameter.
Default Value
Display Name
Description Defines the display name of the connection component.
Default Value The connection component ID

User parameters

These settings define parameters that prompt users for more information in the transparent connection window so that the transparent connection can be opened.

Name
Description The name of the parameter.
Acceptable Values String
Default Value  
DisplayName
Description The exact way that the parameter name will be displayed in the connection window.
Acceptable Values String
Default Value  
Value
Description The default value of this parameter.
Acceptable Values String
Default Value  
Visible
Description Whether or not the user will be prompted for this parameter before the connection is established.
Acceptable Values Yes/No
Default Value  
Required
Description Whether or not users are required to provide extra information in the transparent connection window so that the remote connection can be activated.
Acceptable Values Yes/No
Default Value  
Type
Description The type that will be used to modify the appearance or behavior of a parameter UI field.
Acceptable Values String
Default Value  
EnforceInDualControlRequest
Description Whether or not the user will be required to provide this information in order to create a dual control request.
Acceptable Values Yes/No
Default Value No
AllowMappingLocalDrives
Description Whether or not users will be allowed to redirect their local hard drives to the remote server. This is not supported for remote devices that run on Windows 2000.
Acceptable Values Yes/No
Default Value No
AllowConnectToConsole
Description Whether or not users will be allowed to connect through the Privilege Cloud Portal to the administrative console of the remote machine.
Acceptable Values Yes/No
Default Value No
RedirectSmartCards
Description Whether or not users will be allowed to redirect their Smart Card so that the certificate stored on the end user's card can be accessed on the target. To enable this feature, the Smart Card driver must be installed on the PSM machine. In load-balanced implementations, the driver must be installed on all load balanced PSMs.
Acceptable Values Yes/No
Default Value Yes
AllowSelectHTML5
Description Whether users can select which connection method, HTML5-based or RDP-file, to use when connecting to the remote server. This is useful for allowing users to connect externally using HTML5 and internally using RDP-file.
  • This option is only available in the Version 10 interface.
  • To add this parameter, we recommend copying the AllowMappingLocalDrives parameter and changing the Name and DisplayName fields. The Type (CyberArk.TransparentConnection.BooleanUserParameter, CyberArk.PasswordVault.TransparentConnection) is the same for both parameters.
Acceptable Values Yes/No
Default Value

Target settings

These parameters define specific target machine settings. These parameters can be overridden at platform or account level.

Root settings

Protocol
Description Defines the target connection protocol.
Acceptable Values
Default Value
ClientApp
Description The command invoked to run the application. Relevant to command line clients only.
Acceptable Values
Default Value
ClientDispatcher
Description Defines the internal client that will open the target connection.
Acceptable Values
Default Value
ClientInvokeType
Description The connection client invocation method. This method will be used for invoking the connection client, and passing it all the required parameters.
Acceptable Values
  • Internal
  • Command Line
  • WebForm
  • Dispatcher
Default Value Internal
ConnectionComponentInitTimeout
Description Time allowed for the connection component to initialize, in milliseconds. 0 means infinitely.
Acceptable Values
Default Value 20000

Client-specific

These parameters define a dynamic list of parameters for a specific client.

General parameters

Name
Description The name of the parameter.
Acceptable Values String
Default Value  
Value
Description The default value of this parameter.
Acceptable Values String
Default Value  

PSM-RDP parameters

To configure PSM-RDP connection components, specify the following client-specific parameters:

Port
Description The port used to connect to the remote device.
Acceptable Values Number
Default Value 3389
AuthenticationLevel
Description The authentication level that will be used for this connection.
Acceptable Values
0 – The PSM server is not required to authenticate the target machine before connecting to it.
1 – The PSM server will authenticate the target machine before connecting to it.
2 – The PSM server will authenticate the target machine before connecting to it. If the authentication fails, the user will be able to cancel the connection or to initiate a connection without authentication.
Default Value  
StartProgram
Description The full path of the program that will be started when the PSM-RDP connection is initiated.
Acceptable Values Full path
Default Value  
WorkDir
Description The full path of the working directory for the program specified in the StartProgram parameter. If this property is not specified, the default working directory will be used.
Acceptable Values Full path
Default Value C:\Users\<current user>
TerminateOnWinAuditInitFailure
Description Whether or not the PSM RDP session will stop when the Windows Events Audit or Universal keystrokes audit cannot be initialized.
Acceptable Values Yes/No
Default Value No
TerminateOnWinAuditTimeout
Description Whether or not the PSM RDP session will stop when the Windows Events Audit or Universal keystrokes audit is not working.
Acceptable Values Yes/No
Default Value Yes
WindowsEventsSampleRate
Description How often PSM will check for new windows that were accessed on the target machine.
Acceptable Values Number of seconds
Default Value 0.05
WindowsEventsKeepAlive
Description The number of minutes for which a session will be kept alive when the Windows Events Audit or Universal keystrokes audit is not active.
When the specified amount of time has passed, PSM will decide whether or not to terminate the session according to the value specified in the TerminateOnWinAuditTimeout parameter.
Acceptable Values Number of minutes
Default Value 1
EnableTargetLogging
Description Whether or not trace logging to the Event Viewer on the target machine is enabled.
Acceptable Values Yes/No
Default Value No
WindowsKeystrokesSingleLanguage
Description Whether or not universal keystrokes recording for Windows connections will be supported for a single or additional languages during privileged sessions.
Acceptable Values Yes/No
Default Value Yes
RedirectDrivesRetries
Description The number of times that PSM will try to map local drives on the client computer to the remote machine.
Acceptable Values Number
Default Value 6
RedirectDrivesRetryInterval
Description The number of milliseconds between PSM efforts to map local drives on the client computer to the remote machine, as defined in RedirectDrivesRetries.
Acceptable Values Number of milliseconds
Default Value 5000
WinAuditInitConnectionTimeout
Description The number of milliseconds for the initialization connection for the Windows agents. This parameter is used when the TerminateOnWinAuditInitFailure is set to Yes.
Acceptable Values Number of milliseconds
Default Value 120,000
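
One way to review a PSM-RDP connection component against the parameter descriptions above, as an added example that is not CyberArk code. The dictionary input format, the function names, the sample values and the one-minute keep-alive threshold are assumptions made for the example; the defaults are the ones listed above.

```python
# Added example (not CyberArk code): review PSM-RDP client-specific parameters
# for values that weaken target authentication or session audit.
# Assumed input: a dict of parameter name -> string value for one component.

# Defaults as listed in the PSM-RDP parameters above. AuthenticationLevel has
# no listed default, so it is deliberately absent.
DEFAULTS = {
    "TerminateOnWinAuditInitFailure": "No",
    "TerminateOnWinAuditTimeout": "Yes",
    "WindowsEventsKeepAlive": "1",
}


def effective(params, name):
    """Configured value, or the listed default when unset or blank."""
    return str(params.get(name, "")).strip() or DEFAULTS.get(name, "")


def audit_psm_rdp(params):
    """Return (parameter, finding) tuples for one connection component."""
    findings = []
    level = effective(params, "AuthenticationLevel")
    if level == "":
        findings.append(("AuthenticationLevel", "not set and no default is listed"))
    elif level == "0":
        findings.append(("AuthenticationLevel", "target is not authenticated before connecting"))
    elif level == "2":
        findings.append(("AuthenticationLevel", "user can connect without authentication after a failure"))
    elif level != "1":
        findings.append(("AuthenticationLevel", f"unexpected value {level!r}"))

    if effective(params, "TerminateOnWinAuditInitFailure").lower() != "yes":
        findings.append(("TerminateOnWinAuditInitFailure",
                         "session continues when audit cannot be initialized"))
        # The init timeout is described as used when the parameter above is Yes.
        if str(params.get("WinAuditInitConnectionTimeout", "")).strip():
            findings.append(("WinAuditInitConnectionTimeout",
                             "set, but TerminateOnWinAuditInitFailure is not Yes"))

    if effective(params, "TerminateOnWinAuditTimeout").lower() != "yes":
        findings.append(("TerminateOnWinAuditTimeout",
                         "session continues when audit is not working"))

    # Threshold is a choice made for this example: report anything above the
    # listed default of 1 minute of session time with audit inactive.
    keep_alive = effective(params, "WindowsEventsKeepAlive")
    try:
        if float(keep_alive) > 1:
            findings.append(("WindowsEventsKeepAlive",
                             f"{keep_alive} minutes allowed with audit inactive"))
    except ValueError:
        findings.append(("WindowsEventsKeepAlive", f"not a number: {keep_alive!r}"))
    return findings


# Constructed sample components, not taken from a real tenant.
SAMPLE_STRICT = {"AuthenticationLevel": "1", "TerminateOnWinAuditInitFailure": "Yes",
                 "WinAuditInitConnectionTimeout": "120000"}
SAMPLE_LOOSE = {"AuthenticationLevel": "0", "TerminateOnWinAuditTimeout": "No",
                "WindowsEventsKeepAlive": "30", "WinAuditInitConnectionTimeout": "60000"}

if __name__ == "__main__":
    for label, sample in (("strict", SAMPLE_STRICT), ("loose", SAMPLE_LOOSE), ("defaults", {})):
        print(label)
        for parameter, finding in audit_psm_rdp(sample):
            print(f"  {parameter}: {finding}")
```

A component left entirely at the listed defaults still produces two findings, because AuthenticationLevel has no listed default and TerminateOnWinAuditInitFailure defaults to No.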

PSM-SSH parameters

To configure PSM-SSH connection components, specify the following client specific parameters:

Port
Description The port used to connect to the remote device for SSH connections.
Acceptable Values Number
Default Value 22
AutoLogonSequenceWithLogonAccount
Description The authentication level that will be used for this connection.
Acceptable Values A multiline sequence that defines an automatic sign-on process which uses a logon account to log onto a remote machine and then another account to elevate the user so that it can run sessions. The sequence uses regular expression prompts and responses with dynamic values based on the relevant account that can include one or more dynamic references. PSM reads these references in the following order: account properties, user parameters, then client specific parameters.
Default Value  
SendRateValue
Description A send rate value in milliseconds that overrides the default send rate delay value, which determines the speed at which the client will send the login sequence keystrokes.
Acceptable Values Number of milliseconds
Default Value  
PromptTimeout
Description A timeout value in milliseconds that overrides the default prompt timeout value, which determines how long the client will wait for the next prompt to be received before displaying an error message and closing the session.
Acceptable Values Number of milliseconds
Default Value 30000  
ShellPromptForAudit
Description Defines a regular expression that represents the shell prompt. If no value is set the default value is used.
Acceptable Values String
Default Value (.*)[>#\\$]$
TerminateOnShellPromptFailure
Description Whether or not the session will stop if the shell prompt was not recognized after the amount of time defined in the parameter PromptTimeout.
Acceptable Values Yes/No
Default Value No
EnableXForwarding
Description Whether or not users will be able to connect to remote SSH devices through PSM using X-Forwarding.
Acceptable Values Yes/No
Default Value No
XServerCommandLine
Description Command line argument to use for X-forwarding.
Acceptable Values String
Default Value "C:\Program Files (x86)\VcXsrv\vcxsrv.exe" :{XDisplayNumber} -multiwindow -clipboard -nolisten inet6
BackgroundColor
Description Configure the background color of an SSH session.
Acceptable Values black, red, green, yellow, blue, magenta, cyan, gray
Default Value No color
ForegroundColor
Description Configure the foreground color of an SSH session.
Acceptable Values black, red, green, yellow, blue, magenta, cyan, gray, dark_gray, bright_red, bright_green, bright_yellow, bright_blue, bright_magenta, bright_cyan, white
Default Value No color
TicketingRetriesNumber
Description If the user enters an invalid control character, such as Backspace or Esc, or an invalid ticket ID, a retry mechanism enables the user to correctly re-enter the ticket ID. This parameter determines the number of retries. If the parameter is set to 0, no retries are allowed.
Acceptable Values Number
Default Value 3
EnableTERMParsingForAudit
Description Defines whether the audit supports auto complete for a more interactive experience (Yes) or supports copy/paste of multiple lines for running bulk commands (No).
Acceptable Values Yes/No
Default Value Yes

PSM-Telnet parameters

To configure PSM-Telnet connection components, specify the following client specific parameters:

ClientProtocol
Description The protocol used to create the connection to the remote device.
Acceptable Values String
Default Value Telnet
AutoLogonSequence
Description A multi-line sequence that defines the automatic sign-on process using regular expression prompts and responses with placeholders for dynamic values that can include one or more dynamic references. PSM reads these references in the following order: account properties, user parameters, then client specific parameters.
Acceptable Values String
Default Value  
AutoLogonSequenceWithLogonAccount
Description The authentication level that will be used for this connection.
Acceptable Values A multiline sequence that defines an automatic sign-on process which uses a logon account to log onto a remote machine and then another account to elevate the user so that it can run sessions. The sequence uses regular expression prompts and responses with dynamic values based on the relevant accounts that can include one or more dynamic references. PSM reads these references in the following order: account properties, user parameters, then client specific parameters.
Default Value  
SendRateValue
Description A send rate value in milliseconds that overrides the default send rate delay value, which determines the speed at which the client will send the login sequence keystrokes.
Acceptable Values Number of milliseconds
Default Value  
PromptTimeout
Description A timeout value in milliseconds that overrides the default prompt timeout value, which determines how long the client will wait for the next prompt to be received before displaying an error message and closing the session.
Acceptable Values Number of milliseconds
Default Value 30000  
ShellPromptForAudit
Description Defines a regular expression that represents the shell prompt. If no value is set the default value is used.
Acceptable Values String
Default Value (.*)[>#\\$]$
TerminateOnShellPromptFailure
Description Whether or not the session will stop if the shell prompt was not recognized after the amount of time defined in the parameter PromptTimeout.
Acceptable Values Yes/No
Default Value No
BackgroundColor
Description Configure the background color of an SSH session.
Acceptable Values black, red, green, yellow, blue, magenta, cyan, gray
Default Value No color
ForegroundColor
Description Configure the foreground color of an SSH session.
Acceptable Values black, red, green, yellow, blue, magenta, cyan, gray, dark_gray, bright_red, bright_green, bright_yellow, bright_blue, bright_magenta, bright_cyan, white
Default Value No color

PSM-WinSCP parameters

To configure PSM-WinSCP connection components, specify the following client specific parameters:

DispatcherParameters
Description The parameter that defines the target server and the connection. This parameter uses the following syntax:
{Address}
{Username}
{Password}
[{PSMClientApp}]
[{Port}]
[{FileTransferProtocol}]
[{WindowTimeout}]
[{RestrictiveMode}]
[{AcceptHostKeyInCache}]
These parameters must be specified in the above order, each on a different line. This syntax is explained below:
Address – Hostname/IP of the target server.
Username – Username of the target account.
Password – Password of the target account.
WinSCP Executable Path – Location of the WinSCP exe file. If this is not specified, the default path is used – C:\Program Files (x86)\CyberArk\PSM\Components\WinSCP.exe.
Port – Port used to connect to the remote device. If this is not specified, the default port is used – 22.
FileProtocol – The protocol used to transfer files. Optional values are SCP and SFTP. If this is not specified, the default value is used – SFTP.
WindowTimeout – Number of seconds to wait for each window. If this is not specified, the default value is used – 30 seconds.
RestrictiveMode – Whether or not to kill the process if an unexpected window appears during initialization and login. Specify Yes to end the process automatically or No to allow the user to handle the unexpected windows within the timeout limits. If this is not specified, the default value is used – No.
AcceptAddingKeyToCache – Whether or not to dismiss the host key warning by adding the host key into the machine cache. Specify Yes to continue connecting automatically (the key is not added to the cache) or No to ask the user to add the host key manually. If this is not specified, the default value is used – No.
Note: Do not specify a new line after the final parameter.
Acceptable Values Number
Default Value 3389
RedirectDrivesRetries
Description The number of times that PSM will try to map local drives on the client computer to the remote machine.
Acceptable Values Number
Default Value 6
RedirectDrivesRetryInterval
Description The number of milliseconds between PSM efforts to map local drives on the client computer to the remote machine, as defined in RedirectDrivesRetries.
Acceptable Values Number of milliseconds
Default Value 5000
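
A lint for the DispatcherParameters syntax described above, plus a review of the resolved optional values, as an added example that is not CyberArk code. It assumes that the square brackets in the syntax only mark optional entries and are not typed, that optional entries may be left out as long as the remaining ones keep the documented order, and that an unset optional value falls back to its listed default; the function names and sample values are constructed for the example.

```python
# Added example (not CyberArk code): lint a PSM-WinSCP DispatcherParameters
# value and review the resolved optional values.
# Assumptions: square brackets in the syntax only mark optional entries and
# are not typed; an unset optional value falls back to its listed default.
import re

REQUIRED = ["Address", "Username", "Password"]
OPTIONAL = ["PSMClientApp", "Port", "FileTransferProtocol", "WindowTimeout",
            "RestrictiveMode", "AcceptHostKeyInCache"]
ORDER = REQUIRED + OPTIONAL
# Defaults listed in the parameter description (executable path left out).
DEFAULTS = {"Port": "22", "FileTransferProtocol": "SFTP", "WindowTimeout": "30",
            "RestrictiveMode": "No", "AcceptHostKeyInCache": "No"}
PLACEHOLDER = re.compile(r"^\{(\w+)\}$")


def lint_dispatcher_parameters(value):
    """Return the problems found in the multi-line placeholder list."""
    problems = []
    if value.endswith(("\n", "\r")):
        problems.append("new line after the final parameter")
    names = []
    for number, line in enumerate(value.splitlines(), start=1):
        match = PLACEHOLDER.match(line.strip())
        if not match:
            problems.append(f"line {number}: expected a single placeholder, got {line!r}")
        elif match.group(1) not in ORDER:
            problems.append(f"line {number}: unknown placeholder {match.group(1)}")
        else:
            names.append(match.group(1))
    if names[:3] != REQUIRED:
        problems.append("first three lines must be Address, Username, Password")
    if names != sorted(set(names), key=ORDER.index):
        problems.append("placeholders repeated or not in the documented order")
    return problems


def review_settings(resolved):
    """Apply listed defaults, then return (effective values, findings)."""
    settings = dict(DEFAULTS)
    settings.update({k: v for k, v in resolved.items() if str(v).strip()})
    findings = []
    if settings["FileTransferProtocol"].upper() not in ("SCP", "SFTP"):
        findings.append("FileTransferProtocol: value is neither SCP nor SFTP")
    if settings["AcceptHostKeyInCache"].lower() == "yes":
        findings.append("AcceptHostKeyInCache: host key warning is dismissed automatically")
    if settings["RestrictiveMode"].lower() != "yes":
        findings.append("RestrictiveMode: unexpected windows are left to the user")
    return settings, findings


# Constructed sample values, not taken from a real tenant.
GOOD = "{Address}\n{Username}\n{Password}\n{PSMClientApp}\n{Port}"
BAD = "{Address}\n{Password}\n{Username}\n\n{Port}\n"

if __name__ == "__main__":
    print(lint_dispatcher_parameters(GOOD))
    print(lint_dispatcher_parameters(BAD))
    print(review_settings({"AcceptHostKeyInCache": "Yes"}))
```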

PSM-OS390 parameters

To configure PSM-OS390 connection components, specify the following client specific parameters:

SourceFileTemplate
Description A macro file that contains a list of commands to the client. These commands can be specified with placeholders (in curly braces {}), so that users can specify custom metadata.
Note: The default source file template is a sample. Change this to specify the source file in your environment.
Acceptable Values String
Default Value -
CommandLineArguments
Description The wc3270 option that can be run during the PSM-OS390 connection session.
Acceptable Values String
Default Value -

PSM-AS400 parameters

To configure PSM-AS400 connection components, specify the following client specific parameters:

SourceFileTemplate
Description A macro file that contains a list of commands to the client. These commands can be specified with placeholders (in curly braces {}), so that users can specify custom metadata.
Note: The default source file template is a sample. Change this to specify the source file in your environment.

Acceptable Values String
Default Value -
CommandLineArguments
Description The list of WC3270 options that can be run during the PSM-AS400 connection session. Separate multiple options with commas.
Acceptable Values String
Default Value -

Multiline parameter

These parameters define a dynamic multiline-parameter for a specific client.

Name
Description The name of the parameter.
Acceptable Values String
Default Value  
Value
Description The default value of this parameter.
Acceptable Values String
Default Value  

Lock application window

These parameters define the behavior of the lock application window process.

Name
Description Whether or not the application window will be locked on the screen. This parameter is ignored when the RemoteApp user experience is enabled. For more information, refer to the UseRemoteApp parameter in Privileged Session Management UI.
Acceptable Values Yes/No
Default Value Yes  
MainWindowTitle
Description Used to identify the main window.
Acceptable Values String
Default Value  
MainWindowClass
Description Used to identify the main window.
Acceptable Values String
Default Value
Timeout
Description The time, in milliseconds, to wait for the application window to be displayed.
Acceptable Values Number
Default Value 8000
SearchWindowWaitTimeout
Description The time, in milliseconds, to wait between each iteration when searching for the application window.
Acceptable Values Number
Default Value 30  

Web form settings

These parameters define web form-specific settings for the connection component.

LogonURL
Description The URL of the page that contains the login form.
Acceptable Values URL
Default Value  
FormName
Description The ID of the login form element.
Acceptable Values String
Default Value  
SubmitButton
Description The name of the submit button for the login form.
Acceptable Values String
Default Value  
WebFormFields
Description Pairs of form field names and values to implant in the post data string of the form. Each pair should be inserted in a new line, using the following syntax: Name>Value.
Acceptable Values String 
Default Value  
EnforceCertificateValidation
Description Whether or not PSM will validate target website certificates when initiating PSM connections. Setting this parameter to No enables PSM to connect to local websites that do not have valid certificates, such as LAN applications with self-signed certificates.
Acceptable Values Yes/No
Default Value Yes

Supported capabilities

These parameters define a list of capabilities supported by the connection component.

Capability - A capability supported by the connection component.
Id
Description The unique ID of a capability. This ID is taken from the list of capabilities configured in the Connection Client Settings in the PSM configuration.

PSM-Toad connections support the following capabilities:

  • OraclePasswordProtection
  • SQLLevelAudit
  • SQLTextRecorder

PSM-SQLPlus connections support the following capabilities:

  • SQLLevelAudit
  • SQLTextRecorder

PSM-SSH connections support the following capabilities:

  • SSHTextRecorder
  • SSHKeystrokesAudit
  • LogonAccount
  • SupportXForwarding

PSMP-SSH connection components support the following capabilities:

  • SSHTextRecorder
  • SSHKeystrokesAudit
  • LogonAccount
  • SSHPasswordHiding

PSM-RDP connection components support the following capabilities:

  • WindowsEventsTextRecorder
  • WindowsEventsAudit

PSM-MS-Azure connection components support the following capabilities:

  • WindowsEventsTextRecorder
  • WindowsEventsAudit

PSM-PVWA connection components support the following capabilities:

  • WindowsEventsTextRecorder
  • WindowsEventsAudit

PSM-PTA connection components support the following capabilities:

  • WindowsEventsTextRecorder
  • WindowsEventsAudit

PSM-AWSConsoleWithSTS connection components support the following capabilities:

  • WindowsEventsTextRecorder
  • WindowsEventsAudit

PSMP-SCP connection components support the following capability:

  • SCPAudit

All other connections support the following capabilities:

  • KeystrokesAudit
  • KeystrokesTextRecorder
Acceptable Values String
Default Value