PSM for SSH Syntax Delimiter-Integrated

This topic describes how to configure PSM for SSH Syntax delimiters if you have set InstallCyberArkSSHD = Integrated.

Overview

When end users connect to target machines via PSM for SSH (directly, and not through the PVWA), they use the following command:

  
<ssh client>  vaultuser@targetuser#centralmanagement@targetmachine#targetport@proxyaddress
 [<command>]

The command includes the following default delimiters:

  • @ for separating required parameters

  • # for separating optional parameters

There may be cases in which you will need to change the default delimiters. See Replace delimiters below.

When should you change the delimiter?

When using a delimiter other than ‘@’ to separate the required parameters, the delimiter before the ‘proxyaddress’ parameter must remain ‘@’ and cannot be replaced.

Examples of situations when you should change the default delimiter include:

Change the delimiter to a character other than @.

You cannot use PSM for SSH prompts to connect through PSM for SSH with a domain user name, and you must specify all the parameters in the command line.

When using optional parameters when copying files securely through PSM for SSH with SCP syntax. SCP syntax does not support ‘#’ (hash) as a delimiter.

A full user name, which includes the suffix, can include only one @ character.

Replace delimiters

You can replace the default delimiters to separate parameters in the PSM for SSH connection command by editing the components.conf file. Each delimiter is managed with a different parameter.

You cannot use the same delimiter for both required and optional parameters.

To replace a delimiter:

  1. Open the following file for editing:

    /etc/opt/CARKpsmp/components/components.conf

  2. Add the following parameter to the file, depending on the delimiter you want to replace:

    Type

    Parameter

    Required 

    AdditionalDelimiter=<delimiter>

    Example: AdditionalDelimiter=%

    Optional 

    TargetAddressPortDelimiter=<delimiter>

    Example: TargetAddressPortDelimiter=%

  3. Save the changes you made to the file.