Session Protocols
Details on the available connection protocols in KeeperPAM for interactive privileged sessions
Supported Connection Protocols
The following table lists all the supported connection protocols that can be configured in your Keeper Vault to establish zero-trust privilege sessions. Visit the associated link for each protocol for more details on configuration.
PAM Machine
Connecting to the target defined on the PAM Machine Record with the SSH connection protocol
PAM Machine
Connecting to the target defined on the PAM Machine Record with the RDP connection protocol
PAM Database
Connecting to the target defined on the PAM Database Record with the MySQL connection protocol
PAM Database
Connecting to the target defined on the PAM Database Record with the SQL Server connection protocol
PAM Database
Connecting to the target defined on the PAM Database Record with the PostgreSQL connection protocol
PAM Machine
Connecting to the target defined on the PAM Machine Record with the VNC connection protocol
PAM Machine
Connecting to the target defined on the PAM Machine Record with the Telnet connection protocol
PAM Remote Browser
Connecting to the target defined on the PAM Machine Record with http or https protocol in an isolated Chromium browser session
SSH Connections
Keeper Connections - SSH Protocol
Overview
KeeperPAM enables zero-trust privileged session management for target infrastructure using the SSH protocol. This guide explains how to set up SSH connections on your PAM Machine Records in the Keeper Vault. Secure SSH sessions are established from the Vault, through the Keeper Gateway, and directly to target devices.
Prerequisites
Prior to following this guide, familiarize yourself with the prerequisites on the Connection's Getting Started page.
The following PAM records are needed in order to successfully setup this protocol:
PAM Configuration
The PAM Configuration contains information of your target infrastructure
PAM Machine Record
The PAM Machine record contains information of the endpoint you want to establish an SSH protocol connection to.
PAM User Record
The PAM User record contains the user credentials that will be used to connect to the endpoint
This guide will use a Linux server to represent a PAM Machine record.
PAM Settings - Configuring SSH Protocol
Accessing Connection Settings
After creating a PAM Record Type (PAM Machine, PAM Database, or PAM Directory) with your target endpoint, navigate to the Connection Section on the PAM Settings screen by:
Editing the PAM Record
Clicking on "Set Up" in the PAM Settings section
Navigate to the "Connection" section in the prompted window
Configuring Connection Settings
Prior to configuring the SSH protocol settings on the PAM Settings screen, the following fields are all required and need to be configured:
PAM Configuration
This is the PAM Configuration that contains the details of your target infrastructure and provides access to the target configured on the PAM Record
Administrative Credential Record
This is the linked PAM User that will be used to authenticate to the target and perform administrative operations on it.
The following table lists all the configurable connection settings for the SSH protocol on the PAM Settings:
Protocol
Required
The protocol to be configured on the record. The protocol settings will be populated based on the selected protocol. In this guide, the SSH protocol should be selected
Enable Connection
Required
To enable connection for this record, this toggle needs to be enabled
Graphical Session Recording
When enabled, graphical session recordings will be enabled for this record
Text Session Recording (Typescript)
When enabled, text session recordings (typescript) will be enabled for this record
Connection Port
The port used to establish the selected protocol connection. By Default, this will be the port value defined on the PAM Machine record. The port specified here will override the default port. For SSH, the port is 22
Public Host Key (Base64)
The known hosts entry for the SSH server, in the same format as would be specified within an OpenSSH known_hosts file. If not provided, no verification of host identity will be performed.
Color Scheme
The color scheme to use for the terminal emulator used by SSH connections. Each color scheme dictates the default foreground and background color for the terminal. Programs which specify colors when printing text will override these defaults. Legal values are:
"black on white" - Black text over a white background
"gray on black" - Gray text over a black background (the default)
"green on black" - Green text over a black background
"white on black" - White text over a black background
"Custom" - custom color scheme
Default value is "white-black"
Font Size
Font size displayed for the terminal session
SFTP
If enabled, the user can drag and drop files into the terminal session to transfer one or more files.
File Browser Root Directory
If SFTP is enabled, file transfers will be saved to the specified folder path.
Can copy to clipboard
If enabled, text copied within the connected protocol session will be accessible by the user.
Can paste from clipboard
If enabled, user can paste text from clipboard within the connected protocol session.
Starting a Connection
Once you have configured the SSH Protocol connection on your PAM Machine Record, your record will contain the following connection banner with the "Launch" Button:
In the above image, a Linux server has been configured on the PAM Machine Record. When clicking launch, the Vault Client will render a window with the established connection protocol to the specified target:
File Transfers
Transfer In
If the SFTP file transfer feature is enabled, the user can drag and drop files into the terminal session to transfer the files to the machine.
Keeper supports one or more files transferred simultaneously through drag-and-drop.
While the files are being uploaded to the target machine, a file transfer status is displayed in the dock area of the Keeper Vault:
Transfer Out
To transfer files from the SSH remote connection to the local filesystem, you can download a tool called guacctl into the remote system and use it for performing outbound transfers.
Download guacctl and set as executable:
Initiate the file download using this syntax:
SSH to Windows Servers
The SSH protocol can also be used to access Windows servers for execution of PowerShell commands or other administrative actions.
Learn more on how to activate SSH on Windows
Session Recordings - SSH Protocol
For this protocol, both graphical and the full, raw text text content of terminal sessions, including timing information, are recorded. For more information on recordings and how to access these recordings, visit this page.
Learn more about Session Recording and Playback
RDP Connections
Keeper Connections - RDP Protocol
Overview
KeeperPAM enables zero-trust privileged session management for target infrastructure using the RDP protocol. This guide explains how to set up RDP connections on your PAM Machine Records in the Keeper Vault. Secure RDP sessions are established from the Vault, through the Keeper Gateway, and directly to target devices.
Prerequisites
Prior to following this guide, familiarize yourself with the prerequisites on the Connection's Getting Started page.
The following PAM records are needed in order to successfully setup this protocol:
The PAM Configuration contains information of your target infrastructure
The PAM Machine record contains information of the endpoint you want to establish an RDP protocol connection to.
The PAM User record contains the user credentials that will be used to connect to the endpoint
This guide will use a Azure VM as an example. For more details on how this is setup on the PAM Machine Record, visit the following page:
Example: Azure Windows VMPAM Settings - Configuring RDP Protocol
Accessing Connection Settings
After creating a PAM Record Type (PAM Machine, PAM Database, or PAM Directory) with your target endpoint, navigate to the Connection Section on the PAM Settings screen by:
Editing the PAM Record
Clicking on "Set Up" in the PAM Settings section
Navigate to the "Connection" section in the prompted window
Configuring Connection Settings
Prior to configuring the RDP protocol settings on the PAM Settings screen, the following fields are all required and need to be configured:
PAM Configuration
This is the PAM Configuration that contains the details of your target infrastructure and provides access to the target configured on the PAM Record
Administrative Credential Record
This is the linked PAM User that will be used to authenticate to the target and perform administrative operations on it.
The following table lists all the configurable settings for the RDP protocol on the PAM Settings:
Protocol
Required
The protocol to be configured on the record. The protocol settings will be populated based on the selected protocol. In this guide, the RDP protocol should be selected
Enable Connection
Required
To enable connection for this record, this toggle needs to be enabled
Graphical Session Recording
When enabled, graphical session recordings will be enabled for this record
Connection Port
The port used to establish the selected protocol connection. By Default, this will be the port value defined on the PAM Machine record. The port specified here will override the default port. For RDP, the port is 3389
Security Mode
The security mode to use for the RDP connection. This mode dictates how data will be encrypted and what type of authentication will be performed, if any. By default, security mode negotiation is performed.
Legal values are:
"any" - Negotiate with the server, allowing the RDP server to choose its preferred security mode (the default).
"NLA" - Network Level Authentication, sometimes also referred to as "hybrid" or CredSSP (the protocol that drives NLA) and uses TLS encryption.
"RDP Encryption" - Standard RDP encryption. Newer Windows servers generally have this mode disabled by default, and instead require NLA.
"TLS Encryption" - Transport Layer Security.
"Hyper-V/VMConnect" - Automatically select the security mode based on the security protocols supported by both the client and the server, limiting that negotiation to only the protocols known to be supported by Hyper-V / VMConnect. This security mode must be selected if connecting to the console of a Hyper-V virtual machine.
Default value is Any
Disable Authentication
If enabled, authentication will be disabled. Note that this refers to authentication that takes place while connecting. Any authentication enforced by the server over the remote desktop session (such as a login dialog) will still take place. By default, authentication is enabled and only used when requested by the server.
If you are using NLA, authentication must be enabled by definition.
Ignore Server Certificate
If enabled, the certificate returned by the server will be ignored, even if that certificate cannot be validated. This is useful if you universally trust the server and your connection to the server, and you know that the server's certificate cannot be validated (for example, if it is self-signed)
Load Balance Info/Cookie
The load balancing information or cookie which should be provided to the connection broker. If no connection broker is being used, this should be left blank
RDP Source ID
The numeric ID of the RDP source. This is a non-negative integer value dictating which of potentially several logical RDP connections should be used. This parameter is only required if the RDP server is documented as requiring it. If using Hyper-V, this should be left blank.
Preconnection BLOB (VM ID)
An arbitrary string which identifies the RDP source - one of potentially several logical RDP connections hosted by the same RDP server. This parameter is only required if the RDP server is documented as requiring it, such as Hyper-V. In all cases, the meaning of this parameter is opaque to the RDP protocol itself and is dictated by the RDP server. For Hyper-V, this will be the ID of the destination virtual machine.
Can copy to clipboard
If enabled, text copied within the connected protocol session will be accessible by the user
Can paste from clipboard
If enabled, user can paste text from clipboard within the connected protocol session
Disable Audio
Audio output is always enabled by default. If you are concerned about bandwidth usage, or audio is causing problems, you can explicitly disable audio output
Troubleshooting Connections
When troubleshooting authentication and connection issues, check the following:
Ensure the user specified in the linked PAM User record has the rights to RDP to the target machine.
Adjust your group policy or add the user to the "Remote Desktop Users" group on Windows to grant access.
For additional troubleshooting, refer to the Gateway logs which will contain additional information. The location of the Gateway logs depends on the installation method.
Session Recordings - RDP Protocol
For this protocol, graphical data, including timing information, is recorded. For more details on the recordings and how to access them, see the Session Recording & Playback docs.
RBI Connections
Keeper Connections - Remote Browser Isolation (http/https) Protocol
Overview
KeeperPAM enables zero-trust privileged session management for web applications using the Remote Browser Isolation (RBI) protocol. This guide explains how to configure RBI connections on your PAM Remote Browser Records in the Keeper Vault. Secure web sessions are initiated from the Vault, routed through the Keeper Gateway, and delivered directly to target applications.
Prerequisites
Prior to following this guide, familiarize yourself with the prerequisites on the Connection's Getting Started page.
The following PAM records are needed in order to successfully setup this protocol:
PAM Configuration
The PAM Configuration contains information of your target infrastructure.
PAM Remote Browser
The PAM Remote Browser record contains information of the endpoint you want to establish a web session to.
PAM User Record
The PAM User record contains the user credentials that will be used to autofill credentials on the web page.
This guide will use a Jenkins web application.
PAM Settings - Configuring RBI
Accessing Connection Settings
After creating a PAM Remote Browser with your target endpoint, navigate to the Connection Section on the PAM Settings screen by:
Editing the PAM Record
Clicking on "Set Up" in the PAM Settings section
Navigate to the "Connection" section in the prompted window
Configuring Connection Settings
Prior to configuring the RBI protocol settings on the PAM Settings screen, the following fields are all required and need to be configured:
PAM Configuration
This is the PAM Configuration that contains the details of your target infrastructure and provides access to the target configured on the PAM Record
Administrative Credential Record
This is the linked PAM User that will be used to authenticate to the target and perform administrative operations on it.
The following table lists all the configurable settings for the RBI protocol on the PAM Settings:
Enable Remote Browser Isolation
Required
To enable connection for this record, this toggle needs to be enabled
Graphical Session Recording
When enabled, graphical session recordings will be enabled for this record
Allow navigation via direct URL manipulation
Ignore server certificate
Allowed URL Patterns
Allowed Resource URL Patterns
Can copy to clipboard
If enabled, text copied within the connected protocol session will be accessible by the user
Can paste from clipboard
If enabled, user can paste text from clipboard within the connected protocol session
Browser Autofill
Session Recordings - RBI Protocol
For this protocol, graphical data, including timing information, is recorded. For more details on the recordings and how to access them, see the Session Recording & Playback docs.
MySQL Connections
Keeper Connections - MySQL Protocol
Overview
KeeperPAM enables zero-trust privileged session management for MySQL databases through an interactive CLI. This guide shows how to configure MySQL connections on your PAM Database Records in the Keeper Vault. Sessions are securely initiated from the Vault, routed via the Keeper Gateway, and connected to target databases.
Prerequisites
Prior to following this guide, familiarize yourself with the prerequisites on the Connection's Getting Started page.
The following PAM records are needed in order to successfully setup this protocol:
PAM Configuration
The PAM Configuration contains information of your target infrastructure
PAM Database Record
The PAM Database record contains information of the endpoint you want to establish an MySQL protocol connection to.
PAM User Record
The PAM User record contains the MySQL user credentials that will be used to connect to the endpoint
This guide will use a MySQL Database. For more details on how this is setup, visit the following page:
PAM Settings - MySQL Protocol
Accessing Connection Settings
After creating a PAM Record Type (PAM Machine, PAM Database, or PAM Directory) with your target endpoint, navigate to the Connection Section on the PAM Settings screen by:
Editing the PAM Record
Clicking on "Set Up" in the PAM Settings section
Navigate to the "Connection" section in the prompted window
Configuring Connection Settings
Prior to configuring the MySQL protocol settings on the PAM Settings screen, the following fields are all required and need to be configured:
PAM Configuration
This is the PAM Configuration that contains the details of your target infrastructure and provides access to the target configured on the PAM Record
Administrative Credential Record
This is the linked PAM User that will be used to authenticate to the target and perform administrative operations on it.
The following table lists all the configurable settings for the MySQL protocol on the PAM Settings:
Protocol
Required
The protocol to be configured on the record. The protocol settings will be populated based on the selected protocol. In this guide, the MySQL protocol should be selected
Enable Connection
Required
To enable connection for this record, this toggle needs to be enabled
Graphical Session Recording
When enabled, graphical session recordings will be enabled for this record
Text Session Recording (Typescript)
When enabled, text session recordings (typescript) will be enabled for this record
Connection Port
The port used to establish the selected protocol connection. By Default, this will be the port value defined on the PAM Database. The port specified here will override the default port. For MySQL, the port is 3306
Default Database
The database schema selected when connecting to the specified database server.
Can export CSV
Enables CSV export of data when using the SQL statement "select ... into local outfile"
Can import CSV
Enables CSV import of data when using the SQL statement "load data local infile ... into table"
Can copy to clipboard
If enabled, text copied within the connected protocol session will be accessible by the user
Can paste from clipboard
If enabled, user can paste text from local clipboard into the connected protocol session
Session Recordings - MySQL Protocol
For this protocol, both graphical and the full, raw text text content of terminal sessions, including timing information, are recorded. For more information on recordings and how to access these recordings, visit this page.
Learn more about Session Recording and Playback
SQL Server Connections
Keeper Connections - SQL Server Protocol
Overview
KeeperPAM enables zero-trust privileged session management for SQL Server databases through an interactive CLI. This guide shows how to configure SQL Server connections on your PAM Database Records in the Keeper Vault. Sessions are securely initiated from the Vault, routed via the Keeper Gateway, and connected to target databases.
Prerequisites
Prior to following this guide, familiarize yourself with the prerequisites on the Connection's Getting Started page.
The following PAM records are needed in order to successfully setup this protocol:
PAM Configuration
The PAM Configuration contains information of your target infrastructure
PAM Database Record
The PAM Database record contains information of the endpoint you want to establish an SQL Server protocol connection to.
PAM User Record
The PAM User record contains the SQL Server user credentials that will be used to connect to the endpoint
This guide will use a SQL Database. This is similar to setting up a MySQL database, for more details on how this is setup, visit the following page:
PAM Settings - SQL Server Protocol
Accessing Connection Settings
After creating a PAM Record Type (PAM Machine, PAM Database, or PAM Directory) with your target endpoint, navigate to the Connection Section on the PAM Settings screen by:
Editing the PAM Record
Clicking on "Set Up" in the PAM Settings section
Navigate to the "Connection" section in the prompted window
Configuring Connection Settings
Prior to configuring the SQL Server protocol settings on the PAM Settings screen, the following fields are all required and need to be configured:
PAM Configuration
This is the PAM Configuration that contains the details of your target infrastructure and provides access to the target configured on the PAM Record
Administrative Credential Record
This is the linked PAM User that will be used to authenticate to the target and perform administrative operations on it.
The following table lists all the configurable connection settings for the SQL Server protocol on the PAM Settings:
Protocol
Required
The protocol to be configured on the record. The protocol settings will be populated based on the selected protocol. In this guide, the SQL Server protocol should be selected
Enable Connection
Required
To enable connection for this record, this toggle needs to be enabled
Graphical Session Recording
When enabled, graphical session recordings will be enabled for this record
Text Session Recording (Typescript)
When enabled, text session recordings (typescript) will be enabled for this record
Connection Port
The port used to establish the selected protocol connection. By Default, this will be the port value defined on the PAM Database. The port specified here will override the default port. For SQL Server, the port is 1433
Default Database
The database schema selected when connecting to the specified database server.
Can export CSV
Enables CSV export of data when using the SQL statement "select ... into local outfile"
Can import CSV
Enables CSV import of data when using the SQL statement "load data local infile ... into table"
Can copy to clipboard
If enabled, text copied within the connected protocol session will be accessible by the user
Can paste from clipboard
If enabled, user can paste text from local clipboard into the connected protocol session
Session Recordings - SQL Server Protocol
For this protocol, both graphical and the full, raw text text content of terminal sessions, including timing information, are recorded. For more information on recordings and how to access these recordings, visit this page.
Learn more about Session Recording and Playback
PostgreSQL Connections
Keeper Connections - PostgreSQL Protocol
Overview
KeeperPAM enables zero-trust privileged session management for PostgreSQL databases through an interactive CLI. This guide shows how to configure PostgreSQL connections on your PAM Database Records in the Keeper Vault. Sessions are securely initiated from the Vault, routed via the Keeper Gateway, and connected to target databases.
Prerequisites
Prior to following this guide, familiarize yourself with the prerequisites on the Connection's Getting Started page.
The following PAM records are needed in order to successfully setup this protocol:
PAM Configuration
The PAM Configuration contains information of your target infrastructure
PAM Database Record
The PAM Database record contains information of the endpoint you want to establish an PostgreSQL protocol connection to.
PAM User Record
The PAM User record contains the PostgreSQL user credentials that will be used to connect to the endpoint
This guide will use a PostgreSQL Database. For more details on how this is setup, visit the following page:
PAM Settings - PostgreSQL Protocol
Accessing Connection Settings
After creating a PAM Record Type (PAM Machine, PAM Database, or PAM Directory) with your target endpoint, navigate to the Connection Section on the PAM Settings screen by:
Editing the PAM Record
Clicking on "Set Up" in the PAM Settings section
Navigate to the "Connection" section in the prompted window
Configuring Connection Settings
Prior to configuring the PostgreSQL protocol settings on the PAM Settings screen, the following fields are all required and need to be configured:
PAM Configuration
This is the PAM Configuration that contains the details of your target infrastructure and provides access to the target configured on the PAM Record
Administrative Credential Record
This is the linked PAM User that will be used to authenticate to the target and perform administrative operations on it.
The following table lists all the configurable connection settings for the SQL Server protocol on the PAM Settings:
Protocol
Required
The protocol to be configured on the record. The protocol settings will be populated based on the selected protocol. In this guide, the PostgreSQL protocol should be selected
Enable Connection
Required
To enable connection for this record, this toggle needs to be enabled
Graphical Session Recording
When enabled, graphical session recordings will be enabled for this record
Text Session Recording (Typescript)
When enabled, text session recordings (typescript) will be enabled for this record
Connection Port
The port used to establish the selected protocol connection. By Default, this will be the port value defined on the PAM Database. The port specified here will override the default port. For PostgreSQL, the port is 5432
Default Database
The database schema selected when connecting to the specified database server.
Can export CSV
Disables CSV export of data when using the SQL statement \COPY
FROM "input.csv" With CSV
Can import CSV
Disables CSV import of data when using the SQL statement \COPY () TO ".csv" With CSV HEADER
Can copy to clipboard
If enabled, text copied within the connected protocol session will be accessible by the user
Can paste from clipboard
If enabled, user can paste text from local clipboard into the connected protocol session
Session Recordings - PostgreSQL Protocol
For this protocol, both graphical and the full, raw text text content of terminal sessions, including timing information, are recorded. For more information on recordings and how to access these recordings, visit this page.
Learn more about Session Recording and Playback
VNC Connections
Keeper Connections - VNC Protocol
Overview
KeeperPAM enables zero-trust privileged session management for target infrastructure using the VNC protocol. This guide explains how to set up VNC connections on your PAM Machine Records in the Keeper Vault. Secure VNC sessions are established from the Vault, through the Keeper Gateway, and directly to target devices.
Prerequisites
Prior to following this guide, familiarize yourself with the prerequisites on the Connection's Getting Started page.
The following PAM records are needed in order to successfully setup this protocol:
PAM Configuration
The PAM Configuration contains information of your target infrastructure
PAM Machine Record
The PAM Machine record contains information of the endpoint you want to establish an VNC protocol connection to.
PAM User Record
The PAM User record contains the VNC credentials that will be used to connect to the machine
This guide will use a Azure VM. For more details on how this is setup on the PAM Machine Record, visit the following page:
Example: Azure Windows VMPAM Settings - Configuring VNC Protocol
Accessing Connection Settings
After creating a PAM Record Type (PAM Machine, PAM Database, or PAM Directory) with your target endpoint, navigate to the Connection Section on the PAM Settings screen by:
Editing the PAM Record
Clicking on "Set Up" in the PAM Settings section
Navigate to the "Connection" section in the prompted window
Configuring Connection Settings
Prior to configuring the VNC protocol settings on the PAM Settings screen, the following fields are all required and need to be configured:
PAM Configuration
This is the PAM Configuration that contains the details of your target infrastructure and provides access to the target configured on the PAM Record
Administrative Credential Record
This is the linked PAM User that will be used to authenticate to the target and perform administrative operations on it.
The following table lists all the configurable settings for the VNC protocol on the PAM Settings:
Protocol
Required
The protocol to be configured on the record. The protocol settings will be populated based on the selected protocol. In this guide, the VNC protocol should be selected
Enable Connection
Required
To enable connection for this record, this toggle needs to be enabled
Graphical Session Recording
When enabled, graphical session recordings will be enabled for this record
Connection Port
The port used to establish the selected protocol connection. By Default, this will be the port value defined on the PAM Machine record. The port specified here will override the default port. For VNC the port is 5900
Destination Host
Required if using a VNC Repeater such as UltraVNC Repeater
The destination host to request when connecting to a VNC proxy such as UltraVNC Repeater
Destination Port
Required if using a VNC Repeater such as UltraVNC Repeater
The destination port to request when connecting to a VNC proxy such as UltraVNC Repeater
Can copy to clipboard
If enabled, text copied within the connected protocol session will be accessible by the user
Can paste from clipboard
If enabled, user can paste text from clipboard within the connected protocol session
Session Recordings - VNC Protocol
For this protocol, graphical data, including timing information, is recorded. For more details on the recordings and how to access them, see the Session Recording & Playback docs.
Telnet Connections
Keeper Connections - Telnet Protocol
Overview
KeeperPAM enables zero-trust privileged session management for target infrastructure using the Telnet protocol. This guide explains how to set up Telnet connections on your PAM Machine Records in the Keeper Vault. Secure sessions are established from the Vault, through the Keeper Gateway, and directly to target devices.
Prerequisites
Prior to following this guide, familiarize yourself with the prerequisites on the Connection's Getting Started page.
The following PAM records are needed in order to successfully setup this protocol:
PAM Configuration
The PAM Configuration contains information of your target infrastructure
PAM Machine Record
The PAM Machine record contains information of the endpoint you want to establish an Telnet protocol connection to.
PAM User Record
The PAM User record contains the user credentials that will be used to connect to the endpoint
This guide will use a Linux Machine. For more details on how this is setup on the PAM Machine Record, visit the following page:
Example: Linux MachinePAM Settings - Configuring Telnet Protocol
Accessing Connection Settings
After creating a PAM Record Type (PAM Machine, PAM Database, or PAM Directory) with your target endpoint, navigate to the Connection Section on the PAM Settings screen by:
Editing the PAM Record
Clicking on "Set Up" in the PAM Settings section
Navigate to the "Connection" section in the prompted window
Configuring Connection Settings
Prior to configuring the Telnet protocol settings on the PAM Settings screen, the following fields are all required and need to be configured:
PAM Configuration
This is the PAM Configuration that contains the details of your target infrastructure and provides access to the target configured on the PAM Record
Administrative Credential Record
This is the linked PAM User that will be used to authenticate to the target and perform administrative operations on it.
The following table lists all the configurable connection settings for the Telnet protocol on the PAM Settings:
Protocol
Required
The protocol to be configured on the record. The protocol settings will be populated based on the selected protocol. In this guide, the Telnet protocol should be selected
Enable Connection
Required
To enable connection for this record, this toggle needs to be enabled
Graphical Session Recording
When enabled, graphical session recordings will be enabled for this record
Text Session Recording (Typescript)
When enabled, text session recordings (typescript) will be enabled for this record
Connection Port
The port used to establish the selected protocol connection. By Default, this will be the port value defined on the PAM Machine record. The port specified here will override the default port. For Telnet, the port is 23
Username Regular Expression
The regular expression to use to detect the username prompt when the username cannot be provided. Any regular expression provided must be written in the standard POSIX ERE dialect (the dialect used by egrep).
Password Regular Expression
The regular expression to use to detect the password prompt. Any regular expression provided must be written in the standard POSIX ERE dialect (the dialect used by egrep).
Login Success Regular Expression
The regular expression to use when detecting that the login attempt has succeeded. If specified, the terminal display will not be shown to the user until text matching this regular expression has been received from the telnet server. Any regular expression provided must be written in the standard POSIX ERE dialect (the dialect used by egrep).
Login Failure Regular Expression
The regular expression to use when detecting that the login attempt has failed. If specified, the connection will be closed with an explicit login failure error if text matching this regular expression has been received from the telnet server. Any regular expression provided must be written in the standard POSIX ERE dialect (the dialect used by egrep).
Can copy to clipboard
If enabled, text copied within the connected protocol session will be accessible by the user
Can paste from clipboard
If enabled, user can paste text from clipboard within the connected protocol session
Color Scheme
The color scheme to use for the terminal emulator used by SSH connections. Each color scheme dictates the default foreground and background color for the terminal. Programs which specify colors when printing text will override these defaults. Legal values are:
"black on white" - Black text over a white background
"gray on black" - Gray text over a black background (the default)
"green on black" - Green text over a black background
"white on black" - White text over a black background
"Custom" - custom color scheme
Default value is "white-black"
Session Recordings - Telnet Protocol
For this protocol, both graphical and the full, raw text text content of terminal sessions, including timing information, are recorded. For more information on recordings and how to access these recordings, visit this page.
Learn more about Session Recording and Playback