Scribd
Upload
55 views18 pages

Pam Lab 3 1725806858

Uploaded by

akshay Puthalath
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
55 views18 pages

Pam Lab 3 1725806858

Uploaded by

akshay Puthalath
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 18

Privileged Access Management – Lab 03 Sheeraz Ali

Lab - 03
Report
Privileged Access Management (PAM) Deployment
& Integrations
Product: Beyond Trust Password Safe

By: Sheeraz Ali


Date: 06-09-2024 Cyber Security Engineer

1|Page
Privileged Access Management – Lab 03 Sheeraz Ali

Table of Contents
Agenda: .......................................................................................................................................................................................................................... 3
Step 1: Configuring Auto-Launch Putty for SSH Access: ................................................................................................................................................ 3
Step 1.1: Open Registry Editor on your Workstation where you are trying to get SSH Access of Managed Systems: ............................................. 4
Step 1.2: Navigate to HKEY_CLASSES_ROOT Registry and Create a new Registry Key ‘ssh’. ................................................................................... 4
Step 1.3: Setting the Default Value of this Key:......................................................................................................................................................... 5
Step 1.4: Adding a String Value: ................................................................................................................................................................................ 6
Step 1.5: Add a New Key “DefaultIcon” into HKEY_CLASSES_ROOT\ssh .................................................................................................................. 6
Step 1.6: Add a New Key “shell” then sub-key “open” then sub-key “command” into HKEY_CLASSES_ROOT\ssh ................................................. 6
Step 1.6.1: Add a New Registry Key “shell” into HKEY_CLASSES_ROOT\ssh......................................................................................................... 6
Step 1.6.2: Add a New Registry Key “open” into HKEY_CLASSES_ROOT\ssh\shell ............................................................................................... 7
Step 1.6.3: Add a New Registry Key “command” into HKEY_CLASSES_ROOT\ssh\shell\command ..................................................................... 7
Step 1.7: Automated Process to making Changes in Registry Settings: .................................................................................................................... 8
Step 1.7.1: Creating a Registry File: ....................................................................................................................................................................... 8
Step 1.7.2: Importing recently created registry file setting into our registry settings: ......................................................................................... 9
Step 2: Testing of Auto-Launch Putty Client for SSH Access from Beyond Trust Password Safe Web Console: ......................................................... 10
Step 3: Onboarding Linux Servers into Password Safe ................................................................................................................................................ 13
Step 3.1: Creating a new linux user and testing normal ssh access from Putty Client. ........................................................................................... 13
Step 3.2: Onboarding of Managed System into Password Safe (Manually): ........................................................................................................... 14
Step 3.3: Creating a Managed Account for SSH Access of this Managed System: .................................................................................................. 16
Step 3.4: Testing of SSH Access of Linux Machine: .................................................................................................................................................. 18

2|Page
Privileged Access Management – Lab 03 Sheeraz Ali

Agenda:
1. Enabling Putty Application for Browser to auto-launched and accept SSH Requests coming from our Beyond
Trust Console.
2. Onboarding of Linux Servers and its Privileged Accounts into Beyond Trust Password Safe, for Privileged
Management.

Step 1: Configuring Auto-Launch Putty for SSH Access:


As we have already onboarded our Cisco DMZ Switch (C2960S) in our previous Lab (LAB-02) and tested SSH Access successfully my
using Manual Commands provided by Beyond Trust. Now I need to just enable direct SSH Session Access on my Putty Client as I
don’t need to put or use Manual Commands always to get SSH Access of Managed Systems. To do this, I just need to Click on “Start
SSH Session” Button provided after my Access Request approved according to Password Safe policies.

Whenever I click on ‘Start SSH Session’, a new tab on my browser open with an SSH Protocol URL but Browser doesn’t accept that
request because by default browser works only on HTTP Based Request.

3|Page
Privileged Access Management – Lab 03 Sheeraz Ali

I need to just redirect that SSH Request towards my Putty Client from my Web Browsers as putty can accept that request and enable
me to get SSH Access of my Managed System. To do this I need to make some changes in my OS Registries. We have two paths to
make some registry changes either manually or using registry file (automated). If we are preferring manual process to do this, follow
the below mentioned process, (Those who are going with automated process can bypass steps 1.1 to 1.6)

Step 1.1: Open Registry Editor on your Workstation where you are trying to get SSH Access of Managed Systems:

Step 1.2: Navigate to HKEY_CLASSES_ROOT Registry and Create a new Registry Key ‘ssh’.
To do this Right Click on “HKEY_CLASSES_ROOT” and go to “New” option and then click on “Key”.

4|Page
Privileged Access Management – Lab 03 Sheeraz Ali

Step 1.3: Setting the Default Value of this Key:


Set the Default Value for this Key as “URL:Secure Shell Protocol”.

5|Page
Privileged Access Management – Lab 03 Sheeraz Ali

Step 1.4: Adding a String Value:


Add a New String Value in this Registry Key “URL Protocol” with setting Null Value.

Step 1.5: Add a New Key “DefaultIcon” into HKEY_CLASSES_ROOT\ssh


Add a New Registry Key “DefaultIcon” in HKEY_CLASSES_ROOT\ssh and set the default value to “%%ProgramFiles%%\PuTTY\putty.exe”.

Step 1.6: Add a New Key “shell” then sub-key “open” then sub-key “command” into HKEY_CLASSES_ROOT\ssh
Step 1.6.1: Add a New Registry Key “shell” into HKEY_CLASSES_ROOT\ssh
Default Value should be Null.

6|Page
Privileged Access Management – Lab 03 Sheeraz Ali

Step 1.6.2: Add a New Registry Key “open” into HKEY_CLASSES_ROOT\ssh\shell


Default value should be Null.

Step 1.6.3: Add a New Registry Key “command” into HKEY_CLASSES_ROOT\ssh\shell\command


Default value should be “cmd /V:ON /s /c @echo off && set url=%1 && for /f "tokens=1,2,3 delims=:/ " %%a in ("!url!") do set
protocol=%%a&set host=%%b&set port=%%c && start "" "%%ProgramFiles%%\PuTTY\putty.exe" -P !port! !host!”

7|Page
Privileged Access Management – Lab 03 Sheeraz Ali

Step 1.7: Automated Process to making Changes in Registry Settings:


Step 1.7.1: Creating a Registry File:
Open a Notepad and copy/paste below mentioned text into your Notepad and save that notepad file at your desired location with a proper
name along with file extension “.reg”
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\ssh]
@="URL:Secure Shell Protocol"
"URL Protocol"=""
[HKEY_CLASSES_ROOT\ssh\DefaultIcon]
@="%%ProgramFiles%%\\PuTTY\\putty.exe"
[HKEY_CLASSES_ROOT\ssh\shell]
[HKEY_CLASSES_ROOT\ssh\shell\open]
[HKEY_CLASSES_ROOT\ssh\shell\open\command]
@="cmd /V:ON /s /c @echo off && set url=%1 && for /f \"tokens=1,2,3 delims=:/ \" %%a in (\"!url!\") do set
protocol=%%a&set host=%%b&set port=%%c && start \"\" \"%%ProgramFiles%%\\PuTTY\\putty.exe\" -P !port!
!host!"

File should look like this.

8|Page
Privileged Access Management – Lab 03 Sheeraz Ali

Step 1.7.2: Importing recently created registry file setting into our registry settings:
After creating the registry file, we just need to open that registry file with our register editor software. Our Registry Editor will automatically read
and import that mentioned registry settings into our system registries.

Make sure to restart your PC and then go for testing phase.

9|Page
Privileged Access Management – Lab 03 Sheeraz Ali

Step 2: Testing of Auto-Launch Putty Client for SSH Access from Beyond Trust Password Safe Web
Console:
Logging into your Beyond Insight Console and Navigate to Password Safe Page, then Accounts and Local Accounts.

10 | P a g e
Privileged Access Management – Lab 03 Sheeraz Ali

Click on Access Button on Right Side of listed Local Account and generate SSH Access Request.

Click on Start SSH Session and Putty will be launched automatically with requested SSH Session.

11 | P a g e
Privileged Access Management – Lab 03 Sheeraz Ali

12 | P a g e
Privileged Access Management – Lab 03 Sheeraz Ali

Step 3: Onboarding Linux Servers into Password Safe


Step 3.1: Creating a new linux user and testing normal ssh access from Putty Client.
First, we need to create a new user in our linux machine. In my case, machine name is “fpt-vm” and newly created user account is “ssh_user”

User Account created, now need to test the SSH Access from newly created user.

13 | P a g e
Privileged Access Management – Lab 03 Sheeraz Ali

Step 3.2: Onboarding of Managed System into Password Safe (Manually):


Navigate to Managed System Page and Click on Create New Managed System. Fill the details of “fpt-vm” machine into provided form.

14 | P a g e
Privileged Access Management – Lab 03 Sheeraz Ali

Adding Newly Created Managed System into Proper Smart Group for Proper Management (Optional)

15 | P a g e
Privileged Access Management – Lab 03 Sheeraz Ali

Step 3.3: Creating a Managed Account for SSH Access of this Managed System:
Click on three dots for this Managed System “fpt-vm and Click on Go to Advanced Details, then Managed Account Section. After that Click on
Create New Managed Account Option:

16 | P a g e
Privileged Access Management – Lab 03 Sheeraz Ali

Fill the form and provide the details of local account (newly created on linux machine). In my case, “ssh_user” account was created recently for
allowing ssh access from PAM System.

17 | P a g e
Privileged Access Management – Lab 03 Sheeraz Ali

Step 3.4: Testing of SSH Access of Linux Machine:

18 | P a g e

You might also like