
Session Protocols

Details on the available connection protocols in KeeperPAM for interactive privileged sessions

Supported Connection Protocols

The following table lists all the supported connection protocols that can be configured in your Keeper Vault to establish zero-trust privilege sessions. Visit the associated link for each protocol for more details on configuration.

Protocol
PAM Record Type
Definition

SSH

PAM Machine

Connecting to the target defined on the PAM Machine Record with the SSH connection protocol

RDP

PAM Machine

Connecting to the target defined on the PAM Machine Record with the RDP connection protocol

MySQL

PAM Database

Connecting to the target defined on the PAM Database Record with the MySQL connection protocol

SQL Server

PAM Database

Connecting to the target defined on the PAM Database Record with the SQL Server connection protocol

PostgreSQL

PAM Database

Connecting to the target defined on the PAM Database Record with the PostgreSQL connection protocol

VNC

PAM Machine

Connecting to the target defined on the PAM Machine Record with the VNC connection protocol

Telnet

PAM Machine

Connecting to the target defined on the PAM Machine Record with the Telnet connection protocol

Kubernetes

PAM Machine

Connecting to the target defined on the PAM Machine record with K8s

RBI

PAM Remote Browser

Connecting to the target defined on the PAM Machine Record with http or https protocol in an isolated Chromium browser session

SSH Connections

Keeper Connections - SSH Protocol

Overview

KeeperPAM enables zero-trust privileged session management for target infrastructure using the SSH protocol. This guide explains how to set up SSH connections on your PAM Machine Records in the Keeper Vault. Secure SSH sessions are established from the Vault, through the Keeper Gateway, and directly to target devices.

Prerequisites

Prior to following this guide, familiarize yourself with the prerequisites on the Connection's Getting Started page.

The following PAM records are needed in order to successfully set up this protocol:

PAM Record
Definition

PAM Configuration

The PAM Configuration contains information of your target infrastructure

PAM Machine Record

The PAM Machine record contains information of the endpoint you want to establish an SSH protocol connection to.

PAM User Record

The PAM User record contains the user credentials that will be used to connect to the endpoint

This guide will use a Linux server to represent a PAM Machine record.

PAM Settings - Configuring SSH Protocol

Accessing Connection Settings

After creating a PAM Record Type (PAM Machine, PAM Database, or PAM Directory) with your target endpoint, navigate to the Connection Section on the PAM Settings screen by:

  1. Editing the PAM Record

  2. Clicking on "Set Up" in the PAM Settings section

  3. Navigating to the "Connection" section in the prompted window

Configuring Connection Settings

Prior to configuring the SSH protocol settings on the PAM Settings screen, the following fields are all required and need to be configured:

Field
Definition

PAM Configuration

This is the PAM Configuration that contains the details of your target infrastructure and provides access to the target configured on the PAM Record.

Administrative Credential Record

This is the linked PAM User that will be used to authenticate to the target and perform administrative operations on it.

The following table lists all the configurable connection settings for the SSH protocol on the PAM Settings:

Field
Definition

Protocol

Required

The protocol to be configured on the record. The protocol settings will be populated based on the selected protocol. In this guide, the SSH protocol should be selected

Enable Connection

Required

To enable connection for this record, this toggle needs to be enabled

Graphical Session Recording

When enabled, graphical session recordings will be enabled for this record

Text Session Recording (Typescript)

When enabled, text session recordings (typescript) will be enabled for this record

Include Key Events

When enabled, the individual keystroke data will be included in the session playback. Note: This will include any secrets potentially typed by the user.

Connection Port

The port used to establish the selected protocol connection. By default, this will be the port value defined on the PAM Machine record. The port specified here will override the default port. For SSH, the default port is 22

Launch Credentials

When configured, these credentials will be used to authenticate the connection. More details here

Allow users to select credentials from their vault

When enabled, allow users to use their own personal/private credentials to authenticate the connection. More details here

Rotate launch credentials upon session termination

When enabled, the configured launch credentials will be automatically rotated when the session is closed

Public Host Key (Base64)

The known hosts entry for the SSH server, in the same format as would be specified within an OpenSSH known_hosts file. If not provided, no verification of host identity will be performed.

Color Scheme

The color scheme to use for the terminal emulator used by SSH connections. Each color scheme dictates the default foreground and background color for the terminal. Programs which specify colors when printing text will override these defaults. Legal values are:

  • "black on white" - Black text over a white background

  • "gray on black" - Gray text over a black background (the default)

  • "green on black" - Green text over a black background

  • "white on black" - White text over a black background

  • "Custom" - custom color scheme

Default value is "white-black"

Font Size

Font size displayed for the terminal session

SFTP

If enabled, the user can drag and drop files into the terminal session to transfer one or more files.

File Browser Root Directory

If SFTP is enabled, file transfers will be saved to the specified folder path.

Can copy to clipboard

If enabled, text copied within the connected protocol session will be accessible by the user.

Can paste from clipboard

If enabled, user can paste text from clipboard within the connected protocol session.
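The Public Host Key (Base64) field above takes an OpenSSH known_hosts line, and leaving it empty means the Gateway performs no host identity verification at all. The following added example (not Keeper's code; the host name and key bytes are constructed) parses such a line, checks that the declared key type matches the type embedded in the base64 blob, and derives the SHA256 fingerprint so it can be compared with ssh-keygen -lf output taken on the target before the entry is pasted into the field.

```python
"""Sanity-check an OpenSSH known_hosts entry before it goes into the
"Public Host Key (Base64)" field, and derive the SHA256 fingerprint so it can
be compared against `ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub` run on
the target. Added example; not part of Keeper's product code."""
import base64
import hashlib
import struct

# Key types OpenSSH writes to known_hosts (allow-list constructed for this example).
SUPPORTED_TYPES = {
    "ssh-ed25519",
    "ssh-rsa",
    "ecdsa-sha2-nistp256",
    "ecdsa-sha2-nistp384",
    "ecdsa-sha2-nistp521",
}


def _ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (uint32 big-endian length + data)."""
    return struct.pack(">I", len(data)) + data


def _read_ssh_string(blob: bytes, offset: int):
    """Decode one SSH wire-format string at offset; return (data, next_offset)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    start, end = offset + 4, offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[start:end], end


def parse_known_hosts_entry(line: str) -> dict:
    """Parse '<host> <keytype> <base64 blob> [comment]' as written by ssh-keyscan.

    Checks that the declared key type matches the type embedded inside the
    blob (its first wire-format string) and returns the OpenSSH-style
    fingerprint: 'SHA256:' + unpadded base64 of SHA-256 over the raw blob.
    """
    fields = line.strip().split()
    if len(fields) < 3:
        raise ValueError("expected '<host> <keytype> <base64 key>'")
    host, key_type, encoded = fields[0], fields[1], fields[2]
    if key_type not in SUPPORTED_TYPES:
        raise ValueError(f"unsupported key type {key_type!r}")
    try:
        blob = base64.b64decode(encoded, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("key is not valid base64") from exc
    embedded, _ = _read_ssh_string(blob, 0)
    if embedded != key_type.encode("ascii"):
        raise ValueError(
            f"declared type {key_type!r} does not match blob type {embedded!r}"
        )
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")
    return {"host": host, "key_type": key_type, "fingerprint": fingerprint}


def entry_is_valid(line: str) -> bool:
    """True when the entry parses and is internally consistent."""
    try:
        parse_known_hosts_entry(line)
        return True
    except ValueError:
        return False


def make_sample_entry() -> str:
    """Constructed sample entry (not a real host key): an ed25519 blob whose
    32-byte public key is the bytes 0x00..0x1f, for a hypothetical host."""
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(bytes(range(32)))
    return "linux-target.example ssh-ed25519 " + base64.b64encode(blob).decode("ascii")


if __name__ == "__main__":
    entry = parse_known_hosts_entry(make_sample_entry())
    print(f"{entry['host']} {entry['key_type']} {entry['fingerprint']}")
    # A declared type that disagrees with the blob must be refused.
    print(entry_is_valid(make_sample_entry().replace("ssh-ed25519", "ssh-rsa", 1)))
```

Hashed entries (those beginning with "|1|") carry the same blob and fingerprint; only the host column differs, so the type and fingerprint checks above still apply.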

Connection Authentication Methods

Keeper Connections can be authenticated using one of the following methods:

  • Launch Credential: The session to the target is authenticated using the "Launch Credentials" configured directly on the PAM Machine, PAM Database, or PAM Directory record types. The user does not need access to the credentials in order to launch the connection.

  • Personal/Private Credential: When "Allow users to select credentials from the vault" is enabled, users can choose to authenticate the session to the target using a personal/private credential stored securely in their own Keeper Vault.

  • Ephemeral Accounts: When the ephemeral account feature is enabled on the PAM Machine or PAM Database resources, a system-generated, time-limited privileged account is created specifically for the session. This account is deleted automatically after the session ends, eliminating standing privilege. This method is used for Just-In-Time access with no persistent account on the target system.

Starting a Connection

Once you have configured the SSH Protocol connection on your PAM Machine Record, your record will contain the following connection banner with the "Launch" Button:

In the above image, a Linux server has been configured on the PAM Machine Record. When clicking launch, the Vault Client will render a window with the established connection protocol to the specified target:

SSH Session Launching
SSH Session Active

File Transfers

Transfer In

If the SFTP file transfer feature is enabled, the user can drag and drop files into the terminal session to transfer the files to the machine.

SFTP File Transfer Options

Keeper supports one or more files transferred simultaneously through drag-and-drop.

While the files are being uploaded to the target machine, a file transfer status is displayed in the dock area of the Keeper Vault:

File Upload Status

Transfer Out

To transfer files from the SSH remote connection to the local filesystem, you can download a tool called guacctl into the remote system and use it for performing outbound transfers.

Download guacctl and set as executable:

wget https://raw.githubusercontent.com/apache/guacamole-server/master/bin/guacctl
chmod +x guacctl

Initiate the file download using this syntax:

./guacctl -d <filename>

SSH to Windows Servers

The SSH protocol can also be used to access Windows servers for execution of PowerShell commands or other administrative actions.

  • Learn more on how to activate SSH on Windows

Session Recordings - SSH Protocol

SSH Session Recordings

For this protocol, both graphical and the full, raw text content of terminal sessions, including timing information, are recorded. For more information on recordings and how to access these recordings, visit this page.

  • Learn more about Session Recording and Playback

Connection Templates

The PAM record type with your target system can also be configured as a Connection template. These templates serve as reusable record types for launching sessions to target systems without needing to predefine a specific hostname or credential. For more information, visit the following:

Connection Templates

RDP Connections

Keeper Connections - RDP Protocol

Overview

KeeperPAM enables zero-trust privileged session management for target infrastructure using the RDP protocol. This guide explains how to set up RDP connections on your PAM Machine Records in the Keeper Vault. Secure RDP sessions are established from the Vault, through the Keeper Gateway, and directly to target devices.

Prerequisites

Prior to following this guide, familiarize yourself with the prerequisites on the Connection's Getting Started page.

The following PAM records are needed in order to successfully set up this protocol:

PAM Record
Definition

PAM Configuration

The PAM Configuration contains information of your target infrastructure

PAM Machine Record

The PAM Machine record contains information of the endpoint you want to establish an RDP protocol connection to.

PAM User Record

The PAM User record contains the user credentials that will be used to connect to the endpoint

This guide will use an Azure VM as an example. For more details on how this is set up on the PAM Machine Record, visit the following page:

Example: Azure Windows VM

PAM Settings - Configuring RDP Protocol

Accessing Connection Settings

After creating a PAM Record Type (PAM Machine, PAM Database, or PAM Directory) with your target endpoint, navigate to the Connection Section on the PAM Settings screen by:

  1. Editing the PAM Record

  2. Clicking on "Set Up" in the PAM Settings section

  3. Navigating to the "Connection" section in the prompted window

Configuring Connection Settings

Prior to configuring the RDP protocol settings on the PAM Settings screen, the following fields are all required and need to be configured:

Field
Definition

PAM Configuration

This is the PAM Configuration that contains the details of your target infrastructure and provides access to the target configured on the PAM Record.

Administrative Credential Record

This is the linked PAM User that will be used to authenticate to the target and perform administrative operations on it.

The following table lists all the configurable settings for the RDP protocol on the PAM Settings:

Field
Definition

Protocol

Required

The protocol to be configured on the record. The protocol settings will be populated based on the selected protocol. In this guide, the RDP protocol should be selected

Enable Connection

Required

To enable connection for this record, this toggle needs to be enabled

Graphical Session Recording

When enabled, graphical session recordings will be enabled for this record

Include Key Events

When enabled, the individual keystroke data will be included in the session playback. Note: This will include any secrets potentially typed by the user.

Connection Port

The port used to establish the selected protocol connection. By default, this will be the port value defined on the PAM Machine record. The port specified here will override the default port. For RDP, the port is 3389

Launch Credentials

When configured, these credentials will be used to authenticate the connection. More details here

Allow users to select credentials from their vault

When enabled, allow users to use their own personal/private credentials to authenticate the connection. More details here

Rotate launch credentials upon session termination

When enabled, the configured launch credentials will be automatically rotated when the session is closed

Security Mode

The security mode to use for the RDP connection. This mode dictates how data will be encrypted and what type of authentication will be performed, if any. By default, security mode negotiation is performed.

Legal values are:

  • "any" - Negotiate with the server, allowing the RDP server to choose its preferred security mode (the default).

  • "NLA" - Network Level Authentication, sometimes also referred to as "hybrid" or CredSSP (the protocol that drives NLA); this mode uses TLS encryption.

  • "RDP Encryption" - Standard RDP encryption. Newer Windows servers generally have this mode disabled by default, and instead require NLA.

  • "TLS Encryption" - Transport Layer Security.

  • "Hyper-V/VMConnect" - Automatically select the security mode based on the security protocols supported by both the client and the server, limiting that negotiation to only the protocols known to be supported by Hyper-V / VMConnect. This security mode must be selected if connecting to the console of a Hyper-V virtual machine.

Default value is Any

Disable Authentication

If enabled, authentication will be disabled. Note that this refers to authentication that takes place while connecting. Any authentication enforced by the server over the remote desktop session (such as a login dialog) will still take place. By default, authentication is enabled and only used when requested by the server.

If you are using NLA, authentication must be enabled by definition.

Ignore Server Certificate

If enabled, the certificate returned by the server will be ignored, even if that certificate cannot be validated. This is useful if you universally trust the server and your connection to the server, and you know that the server's certificate cannot be validated (for example, if it is self-signed).

Load Balance Info/Cookie

The load balancing information or cookie which should be provided to the connection broker. If no connection broker is being used, this should be left blank

RDP Source ID

The numeric ID of the RDP source. This is a non-negative integer value dictating which of potentially several logical RDP connections should be used. This parameter is only required if the RDP server is documented as requiring it. If using Hyper-V, this should be left blank.

Preconnection BLOB (VM ID)

An arbitrary string which identifies the RDP source - one of potentially several logical RDP connections hosted by the same RDP server. This parameter is only required if the RDP server is documented as requiring it, such as Hyper-V. In all cases, the meaning of this parameter is opaque to the RDP protocol itself and is dictated by the RDP server. For Hyper-V, this will be the ID of the destination virtual machine.

Can copy to clipboard

If enabled, text copied within the connected protocol session will be accessible by the user

Can paste from clipboard

If enabled, user can paste text from clipboard within the connected protocol session

Disable Audio

Audio output is always enabled by default. If you are concerned about bandwidth usage, or audio is causing problems, you can explicitly disable audio output

Troubleshooting Connections

When troubleshooting authentication and connection issues, check the following:

  • Ensure the user specified in the linked PAM User record has the rights to RDP to the target machine.

  • Adjust your group policy or add the user to the "Remote Desktop Users" group on Windows to grant access.

  • For additional troubleshooting, refer to the Gateway logs which will contain additional information. The location of the Gateway logs depends on the installation method.

Connection Authentication Methods

Keeper Connections can be authenticated using one of the following methods:

  • Launch Credential: The session to the target is authenticated using the "Launch Credentials" configured directly on the PAM Machine, PAM Database, or PAM Directory record types. The user does not need access to the credentials in order to launch the connection.

  • Personal/Private Credential: When "Allow users to select credentials from the vault" is enabled, users can choose to authenticate the session to the target using a personal/private credential stored securely in their own Keeper Vault.

  • Ephemeral Accounts: When the ephemeral account feature is enabled on the PAM Machine or PAM Database resources, a system-generated, time-limited privileged account is created specifically for the session. This account is deleted automatically after the session ends, eliminating standing privilege. This method is used for Just-In-Time access with no persistent account on the target system.

Session Recordings - RDP Protocol

RDP Session Recordings

For this protocol, graphical data, including timing information, is recorded. For more details on the recordings and how to access them, see the Session Recording & Playback docs.

Connection Templates

The PAM record type with your target system can also be configured as a Connection template. These templates serve as reusable record types for launching sessions to target systems without needing to predefine a specific hostname or credential. For more information, visit the following:

Connection Templates

MySQL Connections

Keeper Connections - MySQL Protocol

Overview

KeeperPAM enables zero-trust privileged session management for MySQL databases through an interactive CLI. This guide shows how to configure MySQL connections on your PAM Database Records in the Keeper Vault. Sessions are securely initiated from the Vault, routed via the Keeper Gateway, and connected to target databases.

Prerequisites

Prior to following this guide, familiarize yourself with the prerequisites on the Connection's Getting Started page.

The following PAM records are needed in order to successfully set up this protocol:

PAM Record
Definition

PAM Configuration

The PAM Configuration contains information of your target infrastructure

PAM Database Record

The PAM Database record contains information of the endpoint you want to establish a MySQL protocol connection to.

PAM User Record

The PAM User record contains the MySQL user credentials that will be used to connect to the endpoint

This guide will use a MySQL Database. For more details on how this is set up, visit the following page:

  • Example: MySQL Database

PAM Settings - MySQL Protocol

Accessing Connection Settings

After creating a PAM Record Type (PAM Machine, PAM Database, or PAM Directory) with your target endpoint, navigate to the Connection Section on the PAM Settings screen by:

  1. Editing the PAM Record

  2. Clicking on "Set Up" in the PAM Settings section

  3. Navigating to the "Connection" section in the prompted window

Configuring Connection Settings

Prior to configuring the MySQL protocol settings on the PAM Settings screen, the following fields are all required and need to be configured:

Field
Definition

PAM Configuration

This is the PAM Configuration that contains the details of your target infrastructure and provides access to the target configured on the PAM Record.

Administrative Credential Record

This is the linked PAM User that will be used to authenticate to the target and perform administrative operations on it.

The following table lists all the configurable settings for the MySQL protocol on the PAM Settings:

Field
Definition

Protocol

Required

The protocol to be configured on the record. The protocol settings will be populated based on the selected protocol. In this guide, the MySQL protocol should be selected

Enable Connection

Required

To enable connection for this record, this toggle needs to be enabled

Graphical Session Recording

When enabled, graphical session recordings will be enabled for this record

Text Session Recording (Typescript)

When enabled, text session recordings (typescript) will be enabled for this record

Include Key Events

When enabled, the individual keystroke data will be included in the session playback. Note: This will include any secrets potentially typed by the user.

Connection Port

The port used to establish the selected protocol connection. By default, this will be the port value defined on the PAM Database. The port specified here will override the default port. For MySQL, the port is 3306

Launch Credentials

When configured, these credentials will be used to authenticate the connection. More details here

Allow users to select credentials from their vault

When enabled, allow users to use their own personal/private credentials to authenticate the connection. More details here

Rotate launch credentials upon session termination

When enabled, the configured launch credentials will be automatically rotated when the session is closed

Default Database

The database schema selected when connecting to the specified database server.

Can export CSV

Enables CSV export of data when using the SQL statement "select ... into local outfile"

Can import CSV

Enables CSV import of data when using the SQL statement "load data local infile ... into table"

Can copy to clipboard

If enabled, text copied within the connected protocol session will be accessible by the user

Can paste from clipboard

If enabled, user can paste text from local clipboard into the connected protocol session

Connection Authentication Methods

Keeper Connections can be authenticated using one of the following methods:

  • Launch Credential: The session to the target is authenticated using the "Launch Credentials" configured directly on the PAM Machine, PAM Database, or PAM Directory record types. The user does not need access to the credentials in order to launch the connection.

  • Personal/Private Credential: When "Allow users to select credentials from the vault" is enabled, users can choose to authenticate the session to the target using a personal/private credential stored securely in their own Keeper Vault.

  • Ephemeral Accounts: When the ephemeral account feature is enabled on the PAM Machine or PAM Database resources, a system-generated, time-limited privileged account is created specifically for the session. This account is deleted automatically after the session ends, eliminating standing privilege. This method is used for Just-In-Time access with no persistent account on the target system.

Session Recordings - MySQL Protocol

MySQL Session Recordings

For this protocol, both graphical and the full, raw text content of terminal sessions, including timing information, are recorded. For more information on recordings and how to access these recordings, visit this page.

  • Learn more about Session Recording and Playback

Connection Templates

The PAM record type with your target system can also be configured as a Connection template. These templates serve as reusable record types for launching sessions to target systems without needing to predefine a specific hostname or credential. For more information, visit the following:

Connection Templates

SQL Server Connections

Keeper Connections - SQL Server Protocol

Overview

KeeperPAM enables zero-trust privileged session management for SQL Server databases through an interactive CLI. This guide shows how to configure SQL Server connections on your PAM Database Records in the Keeper Vault. Sessions are securely initiated from the Vault, routed via the Keeper Gateway, and connected to target databases.

Prerequisites

Prior to following this guide, familiarize yourself with the prerequisites on the Connection's Getting Started page.

The following PAM records are needed in order to successfully set up this protocol:

PAM Record
Definition

PAM Configuration

The PAM Configuration contains information of your target infrastructure

PAM Database Record

The PAM Database record contains information of the endpoint you want to establish an SQL Server protocol connection to.

PAM User Record

The PAM User record contains the SQL Server user credentials that will be used to connect to the endpoint

This guide will use a SQL Database. This is similar to setting up a MySQL database; for more details on how this is set up, visit the following page:

  • Example: Microsoft SQL Server Database

PAM Settings - SQL Server Protocol

Accessing Connection Settings

After creating a PAM Record Type (PAM Machine, PAM Database, or PAM Directory) with your target endpoint, navigate to the Connection Section on the PAM Settings screen by:

  1. Editing the PAM Record

  2. Clicking on "Set Up" in the PAM Settings section

  3. Navigating to the "Connection" section in the prompted window

Configuring Connection Settings

Prior to configuring the SQL Server protocol settings on the PAM Settings screen, the following fields are all required and need to be configured:

Field
Definition

PAM Configuration

This is the PAM Configuration that contains the details of your target infrastructure and provides access to the target configured on the PAM Record.

Administrative Credential Record

This is the linked PAM User that will be used to authenticate to the target and perform administrative operations on it.

The following table lists all the configurable connection settings for the SQL Server protocol on the PAM Settings:

Field
Definition

Protocol

Required

The protocol to be configured on the record. The protocol settings will be populated based on the selected protocol. In this guide, the SQL Server protocol should be selected

Enable Connection

Required

To enable connection for this record, this toggle needs to be enabled

Graphical Session Recording

When enabled, graphical session recordings will be enabled for this record

Text Session Recording (Typescript)

When enabled, text session recordings (typescript) will be enabled for this record

Include Key Events

When enabled, the individual keystroke data will be included in the session playback. Note: This will include any secrets potentially typed by the user.

Connection Port

The port used to establish the selected protocol connection. By default, this will be the port value defined on the PAM Database. The port specified here will override the default port. For SQL Server, the port is 1433

Launch Credentials

When configured, these credentials will be used to authenticate the connection. More details here

Allow users to select credentials from their vault

When enabled, allow users to use their own personal/private credentials to authenticate the connection. More details here

Rotate launch credentials upon session termination

When enabled, the configured launch credentials will be automatically rotated when the session is closed

Default Database

The database schema selected when connecting to the specified database server.

Can export CSV

Enables CSV export of data when using the SQL statement "select ... into local outfile"

Can import CSV

Enables CSV import of data when using the SQL statement "load data local infile ... into table"

Can copy to clipboard

If enabled, text copied within the connected protocol session will be accessible by the user

Can paste from clipboard

If enabled, user can paste text from local clipboard into the connected protocol session

Connection Authentication Methods

Keeper Connections can be authenticated using one of the following methods:

  • Launch Credential: The session to the target is authenticated using the "Launch Credentials" configured directly on the PAM Machine, PAM Database, or PAM Directory record types. The user does not need access to the credentials in order to launch the connection.

  • Personal/Private Credential: When "Allow users to select credentials from the vault" is enabled, users can choose to authenticate the session to the target using a personal/private credential stored securely in their own Keeper Vault.

  • Ephemeral Accounts: When the ephemeral account feature is enabled on the PAM Machine or PAM Database resources, a system-generated, time-limited privileged account is created specifically for the session. This account is deleted automatically after the session ends, eliminating standing privilege. This method is used for Just-In-Time access with no persistent account on the target system.

Session Recordings - SQL Server Protocol

For this protocol, both graphical and the full, raw text content of terminal sessions, including timing information, are recorded. For more information on recordings and how to access these recordings, visit this page.

  • Learn more about Session Recording and Playback

Connection Templates

The PAM record type with your target system can also be configured as a Connection template. These templates serve as reusable record types for launching sessions to target systems without needing to predefine a specific hostname or credential. For more information, visit the following:

Connection Templates

PostgreSQL Connections

Keeper Connections - PostgreSQL Protocol

Overview

KeeperPAM enables zero-trust privileged session management for PostgreSQL databases through an interactive CLI. This guide shows how to configure PostgreSQL connections on your PAM Database Records in the Keeper Vault. Sessions are securely initiated from the Vault, routed via the Keeper Gateway, and connected to target databases.

Prerequisites

Prior to following this guide, familiarize yourself with the prerequisites on the Connection's Getting Started page.

The following PAM records are needed in order to successfully set up this protocol:

PAM Record
Definition

PAM Configuration

The PAM Configuration contains information of your target infrastructure

PAM Database Record

The PAM Database record contains information of the endpoint you want to establish a PostgreSQL protocol connection to.

PAM User Record

The PAM User record contains the PostgreSQL user credentials that will be used to connect to the endpoint

This guide will use a PostgreSQL Database. For more details on how this is set up, visit the following page:

  • Example: PostgreSQL Database

PAM Settings - PostgreSQL Protocol

Accessing Connection Settings

After creating a PAM Record Type (PAM Machine, PAM Database, or PAM Directory) with your target endpoint, navigate to the Connection Section on the PAM Settings screen by:

  1. Editing the PAM Record

  2. Clicking on "Set Up" in the PAM Settings section

  3. Navigating to the "Connection" section in the prompted window

Configuring Connection Settings

Prior to configuring the PostgreSQL protocol settings on the PAM Settings screen, the following fields are all required and need to be configured:

Field
Definition

PAM Configuration

This is the PAM Configuration that contains the details of your target infrastructure and provides access to the target configured on the PAM Record.

Administrative Credential Record

This is the linked PAM User that will be used to authenticate to the target and perform administrative operations on it.

The following table lists all the configurable connection settings for the PostgreSQL protocol on the PAM Settings:

Field
Definition

Protocol

Required

The protocol to be configured on the record. The protocol settings will be populated based on the selected protocol. In this guide, the PostgreSQL protocol should be selected

Enable Connection

Required

To enable connection for this record, this toggle needs to be enabled

Graphical Session Recording

When enabled, graphical session recordings will be enabled for this record

Text Session Recording (Typescript)

When enabled, text session recordings (typescript) will be enabled for this record

Include Key Events

When enabled, the individual keystroke data will be included in the session playback. Note: This will include any secrets potentially typed by the user.

Connection Port

The port used to establish the selected protocol connection. By Default, this will be the port value defined on the PAM Database. The port specified here will override the default port. For PostgreSQL, the port is 5432

Launch Credential

When configured, these credentials will be used to authenticate the connection. More details here

Allow users to select credentials from their vault

When enabled, allow users to use their own personal/private credentials to authenticate the connection. More details here

Rotate launch credentials upon session termination

When enabled, the configured launch credentials will be automatically rotated when the session is closed

Default Database

The database schema selected when connecting to the specified database server.

Can export CSV

Disables CSV export of data when using the PSQL statement \COPY FROM "input.csv" With CSV

Can import CSV

Disables CSV import of data when using the PSQL statement \COPY () TO ".csv" With CSV HEADER

Can copy to clipboard

If enabled, text copied within the connected protocol session will be accessible by the user

Can paste from clipboard

If enabled, user can paste text from local clipboard into the connected protocol session

Connection Authentication Methods

Keeper Connections can be authenticated using one of the following methods:

  • Launch Credential The session to the target is authenticated using the "Launch Credentials" configured directly on the PAM Machine, PAM Database, or PAM Directory record types. The user does not need access to the credentials in order to launch the connection.

  • Personal/Private Credential When "Allow users to select credentials from the vault" is enabled, users can choose to authenticate the session to the target using a personal/private credential stored securely in their own Keeper Vault.

  • Ephemeral Accounts When the ephemeral account feature is enabled on the PAM Machine or PAM database resources, a system-generated, time-limited privileged account is created specifically for the session. This account is deleted automatically after the session ends, eliminating standing privilege. This method is used for Just-In-Time access with no persistent account on the target system.

Session Recordings - PostgreSQL Protocol

PostgreSQL Session Recordings

For this protocol, both graphical and the full, raw text content of terminal sessions, including timing information, are recorded. For more information on recordings and how to access these recordings, visit this page.

  • Learn more about Session Recording and Playback

Connection Templates

The PAM record type with your target system can also be configured as a Connection template. These templates serve as reusable record types for launching sessions to target systems without needing to predefine a specific hostname or credential. For more information, visit the following:

Connection Templates

VNC Connections

Keeper Connections - VNC Protocol

Overview

KeeperPAM enables zero-trust privileged session management for target infrastructure using the VNC protocol. This guide explains how to set up VNC connections on your PAM Machine Records in the Keeper Vault. Secure VNC sessions are established from the Vault, through the Keeper Gateway, and directly to target devices.

Prerequisites

Prior to following this guide, familiarize yourself with the prerequisites on the Connection's Getting Started page.

The following PAM records are needed in order to successfully set up this protocol:

PAM Record
Definition

PAM Configuration

The PAM Configuration contains information about your target infrastructure

PAM Machine Record

The PAM Machine record contains information about the endpoint you want to establish a VNC protocol connection to.

PAM User Record

The PAM User record contains the VNC credentials that will be used to connect to the machine

This guide will use an Azure VM. For more details on how this is set up on the PAM Machine Record, visit the following page:

Example: Azure Windows VM

PAM Settings - Configuring VNC Protocol

Accessing Connection Settings

After creating a PAM Record Type (PAM Machine, PAM Database, or PAM Directory) with your target endpoint, navigate to the Connection Section on the PAM Settings screen by:

  1. Editing the PAM Record

  2. Clicking on "Set Up" in the PAM Settings section

  3. Navigating to the "Connection" section in the prompted window

Configuring Connection Settings

Prior to configuring the VNC protocol settings on the PAM Settings screen, the following fields are all required and need to be configured:

Field
Definition

PAM Configuration

This is the PAM Configuration that contains the details of your target infrastructure and provides access to the target configured on the PAM Record.

Administrative Credential Record

This is the linked PAM User that will be used to authenticate to the target and perform administrative operations on it.

The following table lists all the configurable settings for the VNC protocol on the PAM Settings:

Field
Definition

Protocol

Required

The protocol to be configured on the record. The protocol settings will be populated based on the selected protocol. In this guide, the VNC protocol should be selected

Enable Connection

Required

To enable connection for this record, this toggle needs to be enabled

Graphical Session Recording

When enabled, graphical session recordings will be enabled for this record

Include Key Events

When enabled, the individual keystroke data will be included in the session playback. Note: This will include any secrets potentially typed by the user.

Connection Port

The port used to establish the selected protocol connection. By Default, this will be the port value defined on the PAM Machine record. The port specified here will override the default port. For VNC the port is 5900

Launch Credentials

When configured, these credentials will be used to authenticate the connection. More details here

Allow users to select credentials from their vault

When enabled, allow users to use their own personal/private credentials to authenticate the connection. More details here

Rotate launch credentials upon session termination

When enabled, the configured launch credentials will be automatically rotated when the session is closed

Destination Host

Required if using a VNC Repeater such as UltraVNC Repeater

The destination host to request when connecting to a VNC proxy such as UltraVNC Repeater

Destination Port

Required if using a VNC Repeater such as UltraVNC Repeater

The destination port to request when connecting to a VNC proxy such as UltraVNC Repeater

Can copy to clipboard

If enabled, text copied within the connected protocol session will be accessible by the user

Can paste from clipboard

If enabled, user can paste text from clipboard within the connected protocol session

Connection Authentication Methods

Keeper Connections can be authenticated using one of the following methods:

  • Launch Credential The session to the target is authenticated using the "Launch Credentials" configured directly on the PAM Machine, PAM Database, or PAM Directory record types. The user does not need access to the credentials in order to launch the connection.

  • Personal/Private Credential When "Allow users to select credentials from the vault" is enabled, users can choose to authenticate the session to the target using a personal/private credential stored securely in their own Keeper Vault.

  • Ephemeral Accounts When the ephemeral account feature is enabled on the PAM Machine or PAM database resources, a system-generated, time-limited privileged account is created specifically for the session. This account is deleted automatically after the session ends, eliminating standing privilege. This method is used for Just-In-Time access with no persistent account on the target system.

Session Recordings - VNC Protocol

VNC Session Recordings

For this protocol, graphical data, including timing information, is recorded. For more details on the recordings and how to access them, see the Session Recording & Playback docs.

Connection Templates

The PAM record type with your target system can also be configured as a Connection template. These templates serve as reusable record types for launching sessions to target systems without needing to predefine a specific hostname or credential. For more information, visit the following:

Connection Templates

Telnet Connections

Keeper Connections - Telnet Protocol

Overview

KeeperPAM enables zero-trust privileged session management for target infrastructure using the Telnet protocol. This guide explains how to set up Telnet connections on your PAM Machine Records in the Keeper Vault. Secure sessions are established from the Vault, through the Keeper Gateway, and directly to target devices.

Prerequisites

Prior to following this guide, familiarize yourself with the prerequisites on the Connection's Getting Started page.

The following PAM records are needed in order to successfully set up this protocol:

PAM Record
Definition

PAM Configuration

The PAM Configuration contains information about your target infrastructure

PAM Machine Record

The PAM Machine record contains information about the endpoint you want to establish a Telnet protocol connection to.

PAM User Record

The PAM User record contains the user credentials that will be used to connect to the endpoint

This guide will use a Linux Machine. For more details on how this is set up on the PAM Machine Record, visit the following page:

Example: Linux Machine

PAM Settings - Configuring Telnet Protocol

Accessing Connection Settings

After creating a PAM Record Type (PAM Machine, PAM Database, or PAM Directory) with your target endpoint, navigate to the Connection Section on the PAM Settings screen by:

  1. Editing the PAM Record

  2. Clicking on "Set Up" in the PAM Settings section

  3. Navigating to the "Connection" section in the prompted window

Configuring Connection Settings

Prior to configuring the Telnet protocol settings on the PAM Settings screen, the following fields are all required and need to be configured:

Field
Definition

PAM Configuration

This is the PAM Configuration that contains the details of your target infrastructure and provides access to the target configured on the PAM Record.

Administrative Credential Record

This is the linked PAM User that will be used to authenticate to the target and perform administrative operations on it.

The following table lists all the configurable connection settings for the Telnet protocol on the PAM Settings:

Field
Definition

Protocol

Required

The protocol to be configured on the record. The protocol settings will be populated based on the selected protocol. In this guide, the Telnet protocol should be selected

Enable Connection

Required

To enable connection for this record, this toggle needs to be enabled

Graphical Session Recording

When enabled, graphical session recordings will be enabled for this record

Text Session Recording (Typescript)

When enabled, text session recordings (typescript) will be enabled for this record

Include Key Events

When enabled, the individual keystroke data will be included in the session playback. Note: This will include any secrets potentially typed by the user.

Connection Port

The port used to establish the selected protocol connection. By Default, this will be the port value defined on the PAM Machine record. The port specified here will override the default port. For Telnet, the port is 23

Launch Credentials

When configured, these credentials will be used to authenticate the connection. More details here

Allow users to select credentials from their vault

When enabled, allow users to use their own personal/private credentials to authenticate the connection. More details here

Rotate launch credentials upon session termination

When enabled, the configured launch credentials will be automatically rotated when the session is closed

Username Regular Expression

The regular expression to use to detect the username prompt when the username cannot be provided. Any regular expression provided must be written in the standard POSIX ERE dialect (the dialect used by egrep).

Password Regular Expression

The regular expression to use to detect the password prompt. Any regular expression provided must be written in the standard POSIX ERE dialect (the dialect used by egrep).

Login Success Regular Expression

The regular expression to use when detecting that the login attempt has succeeded. If specified, the terminal display will not be shown to the user until text matching this regular expression has been received from the telnet server. Any regular expression provided must be written in the standard POSIX ERE dialect (the dialect used by egrep).

Login Failure Regular Expression

The regular expression to use when detecting that the login attempt has failed. If specified, the connection will be closed with an explicit login failure error if text matching this regular expression has been received from the telnet server. Any regular expression provided must be written in the standard POSIX ERE dialect (the dialect used by egrep).

Can copy to clipboard

If enabled, text copied within the connected protocol session will be accessible by the user

Can paste from clipboard

If enabled, user can paste text from clipboard within the connected protocol session

Color Scheme

The color scheme to use for the terminal emulator used by Telnet connections. Each color scheme dictates the default foreground and background color for the terminal. Programs which specify colors when printing text will override these defaults. Legal values are:

  • "black on white" - Black text over a white background

  • "gray on black" - Gray text over a black background (the default)

  • "green on black" - Green text over a black background

  • "white on black" - White text over a black background

  • "Custom" - custom color scheme

Default value is "white-black"
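The four regular-expression fields above are only as good as the patterns typed into them, and a pattern that works in a Perl-style engine may be rejected as POSIX ERE or match the wrong prompt. The following is an added Go example, not Keeper's code and not how the Gateway implements prompt detection: it compiles each field with regexp.CompilePOSIX, which accepts only the POSIX ERE (egrep) syntax the fields require, and replays constructed server output through an assumed username, password, result sequence so a pattern set can be checked before it is entered in the vault. The patterns, the host name host01 and both transcripts are constructed for the illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// LoginPatterns mirrors the four regular-expression fields on the Telnet PAM
// Settings screen; the values assigned below are constructed examples, not
// defaults shipped by Keeper.
type LoginPatterns struct {
	Username, Password, LoginSuccess, LoginFailure string
}

// Phase is how far login detection has progressed (username, password, result
// ordering is an assumption made for this illustration).
type Phase string

const (
	PhaseWaitUsername Phase = "waiting-for-username-prompt"
	PhaseWaitPassword Phase = "waiting-for-password-prompt"
	PhaseWaitResult   Phase = "waiting-for-login-result"
	PhaseSuccess      Phase = "login-succeeded"
	PhaseFailure      Phase = "login-failed"
)

// ExamplePatterns are constructed candidates for a typical Linux login banner.
// Bracket classes such as [0-9] are used rather than Perl escapes like \d, which POSIX ERE lacks.
var ExamplePatterns = LoginPatterns{
	Username:     "[Ll]ogin: *$",
	Password:     "[Pp]assword: *$",
	LoginSuccess: "[$#] *$",
	LoginFailure: "Login incorrect|Access denied|Permission denied",
}

// Constructed server output for a successful and a failed login (not captured from a real system).
const SampleSuccessTranscript = `Ubuntu 22.04.3 LTS host01 tty1
host01 login:
Password:
Last login: Mon Jan  1 00:00:00 UTC 2024 from 10.0.0.5
admin@host01:~$`

const SampleFailureTranscript = `host01 login:
Password:
Login incorrect
host01 login:`

// IsValidERE reports whether a pattern is accepted as POSIX ERE, the egrep dialect
// the fields require; regexp.CompilePOSIX rejects Perl-only syntax such as \d.
func IsValidERE(pattern string) bool {
	_, err := regexp.CompilePOSIX(pattern)
	return err == nil
}

// ClassifyTranscript replays server output line by line and reports the phase
// the login reaches. The failure pattern is tested on every line first,
// mirroring the page's rule that a failure match closes the connection.
func ClassifyTranscript(p LoginPatterns, transcript string) (Phase, error) {
	res := make([]*regexp.Regexp, 4)
	for i, src := range []string{p.Username, p.Password, p.LoginSuccess, p.LoginFailure} {
		re, err := regexp.CompilePOSIX(src)
		if err != nil {
			return "", fmt.Errorf("pattern %q is not valid POSIX ERE: %w", src, err)
		}
		res[i] = re
	}
	userRe, passRe, successRe, failRe := res[0], res[1], res[2], res[3]
	phase := PhaseWaitUsername
	for _, line := range strings.Split(transcript, "\n") {
		if failRe.MatchString(line) {
			return PhaseFailure, nil
		}
		switch phase {
		case PhaseWaitUsername:
			if userRe.MatchString(line) {
				phase = PhaseWaitPassword
			}
		case PhaseWaitPassword:
			if passRe.MatchString(line) {
				phase = PhaseWaitResult
			}
		case PhaseWaitResult:
			// The terminal is only shown to the user once this matches.
			if successRe.MatchString(line) {
				return PhaseSuccess, nil
			}
		}
	}
	return phase, nil
}

func main() {
	for _, tr := range []string{SampleSuccessTranscript, SampleFailureTranscript} {
		phase, err := ClassifyTranscript(ExamplePatterns, tr)
		fmt.Println(phase, err)
	}
}
```

Run it with go run and substitute a transcript captured from your own target for the constructed ones; a transcript that ends in a waiting phase shows which prompt the corresponding pattern failed to catch. Because CompilePOSIX applies the same syntax rules as egrep, a pattern that fails IsValidERE would also be rejected by the vault field, so write digit classes as [0-9] and avoid Perl escapes.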

Connection Authentication Methods

Keeper Connections can be authenticated using one of the following methods:

  • Launch Credential The session to the target is authenticated using the "Launch Credentials" configured directly on the PAM Machine, PAM Database, or PAM Directory record types. The user does not need access to the credentials in order to launch the connection.

  • Personal/Private Credential When "Allow users to select credentials from the vault" is enabled, users can choose to authenticate the session to the target using a personal/private credential stored securely in their own Keeper Vault.

  • Ephemeral Accounts When the ephemeral account feature is enabled on the PAM Machine or PAM database resources, a system-generated, time-limited privileged account is created specifically for the session. This account is deleted automatically after the session ends, eliminating standing privilege. This method is used for Just-In-Time access with no persistent account on the target system.

Session Recordings - Telnet Protocol

Telnet Session Recordings

For this protocol, both graphical and the full, raw text content of terminal sessions, including timing information, are recorded. For more information on recordings and how to access these recordings, visit this page.

  • Learn more about Session Recording and Playback

Connection Templates

The PAM record type with your target system can also be configured as a Connection template. These templates serve as reusable record types for launching sessions to target systems without needing to predefine a specific hostname or credential. For more information, visit the following:

Connection Templates

Kubernetes

Keeper Connections - Kubernetes

Overview

KeeperPAM enables zero-trust privileged session management for Kubernetes containers using Kubernetes' REST API. This guide shows how to configure Kubernetes connections on your PAM Machine Records in the Keeper Vault. Secure Kubernetes sessions are established from the Vault, through the Keeper Gateway, and directly to the target container.

Prerequisites

Prior to following this guide, familiarize yourself with the prerequisites on the Connection's Getting Started page.

The following PAM records are needed in order to successfully set up this protocol:

PAM Record
Definition

PAM Configuration

The PAM Configuration contains information about your target infrastructure

PAM Machine Record

The PAM Machine record contains information about the endpoint you want to establish a Kubernetes REST API connection to.

PAM User Record

The PAM User record contains the user credentials that will be used to connect to the endpoint

PAM Settings - Configuring Kubernetes Protocol

Accessing Connection Settings

After creating a PAM Record Type (PAM Machine, PAM Database, or PAM Directory) with your target endpoint, navigate to the Connection Section on the PAM Settings screen by:

  1. Editing the PAM Record

  2. Clicking on "Set Up" in the PAM Settings section

  3. Navigating to the "Connection" section in the prompted window

Configuring Connection Settings

Prior to configuring the Kubernetes protocol settings on the PAM Settings screen, the following fields are all required and need to be configured:

Field
Definition

PAM Configuration

This is the PAM Configuration that contains the details of your target infrastructure and provides access to the target configured on the PAM Record.

Administrative Credential Record

This is the linked PAM User that will be used to authenticate to the target and perform administrative operations on it.

The following table lists all the configurable connection settings for the Kubernetes protocol on the PAM Settings:

Field
Definition

Protocol

Required

The protocol to be configured on the record. The protocol settings will be populated based on the selected protocol. In this guide, the Kubernetes protocol should be selected

Enable Connection

Required

To enable connection for this record, this toggle needs to be enabled

Graphical Session Recording

When enabled, graphical session recordings will be enabled for this record

Text Session Recording (Typescript)

When enabled, text session recordings (typescript) will be enabled for this record

Include Key Events

When enabled, the individual keystroke data will be included in the session playback. Note: This will include any secrets potentially typed by the user.

Connection Port

The port used to establish the selected protocol connection. By default, this will be the port value defined on the PAM Machine record. The port specified here will override the default port. For Kubernetes, the port is 8080.

Launch Credentials

When configured, these credentials will be used to authenticate the connection. More details here

Allow users to select credentials from their vault

When enabled, allow users to use their own personal/private credentials to authenticate the connection. More details here

Rotate launch credentials upon session termination

When enabled, the configured launch credentials will be automatically rotated when the session is closed

Namespace

The name of the Kubernetes namespace of the pod containing the container being attached to. If omitted, the namespace "default" will be used.

Pod Name

The name of the Kubernetes pod with the container being attached to.

Container Name

The name of the container to attach to. If omitted, the first container in the pod will be used.

Ignore Server Certificate

If checked, the validity of the SSL/TLS certificate used by the Kubernetes server will be ignored if it cannot be validated. By default, SSL/TLS certificates are validated.

Certificate Authority Certificate

The certificate of the certificate authority that signed the certificate of the Kubernetes server, in PEM format. If omitted, verification of the Kubernetes server certificate will use only system-wide certificate authorities.

Client Certificate

The certificate to use if performing SSL/TLS client authentication to authenticate with the Kubernetes server, in PEM format. If omitted, SSL client authentication will not be performed.

Client Key

The key to use if performing SSL/TLS client authentication to authenticate with the Kubernetes server, in PEM format. If omitted, SSL client authentication will not be performed.

Color Scheme

The color scheme to use for the terminal emulator used by Kubernetes connections. Each color scheme dictates the default foreground and background color of the terminal. Programs which specify colors when printing text will override these defaults.

Font Size

The size of the font to use, in points. By default, the size of rendered text will be 12 point.
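The certificate fields in the table above (Ignore Server Certificate, Certificate Authority Certificate, Client Certificate and Client Key) decide whether the TLS client behind the session can tell the genuine Kubernetes API server from an interposed one. The following is an added Go example, not Keeper Gateway code; how the fields map onto a tls.Config is an assumption made for the illustration. It builds a throwaway private CA and an API-server certificate, then shows what each setting changes: the server is trusted when its CA is pasted into the Certificate Authority Certificate field, rejected against the system-wide CAs when that field is omitted, rejected on a hostname mismatch, and accepted without any check when Ignore Server Certificate is on. The host name kube-apiserver.example.internal and the CA name are constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// K8sTLSSettings mirrors the certificate fields on the Kubernetes PAM Settings screen.
type K8sTLSSettings struct {
	IgnoreServerCertificate                bool
	CACertPEM, ClientCertPEM, ClientKeyPEM []byte // PEM, as the fields expect
}

// BuildTLSConfig maps the settings onto a tls.Config for the Kubernetes REST API
// client; the mapping is assumed for this example and is not Keeper Gateway code.
func BuildTLSConfig(s K8sTLSSettings) (*tls.Config, error) {
	cfg := &tls.Config{MinVersion: tls.VersionTLS12}
	// Weak setting: every server certificate is accepted unverified, so an interposed endpoint goes unnoticed.
	cfg.InsecureSkipVerify = s.IgnoreServerCertificate
	if len(s.CACertPEM) > 0 {
		pool := x509.NewCertPool()
		if !pool.AppendCertsFromPEM(s.CACertPEM) {
			return nil, fmt.Errorf("the Certificate Authority Certificate field holds no parsable PEM certificate")
		}
		cfg.RootCAs = pool // left nil, Go uses the system-wide CAs only, as the page states
	}
	if len(s.ClientCertPEM) > 0 || len(s.ClientKeyPEM) > 0 {
		cert, err := tls.X509KeyPair(s.ClientCertPEM, s.ClientKeyPEM) // both fields are needed
		if err != nil {
			return nil, fmt.Errorf("client certificate and key: %w", err)
		}
		cfg.Certificates = []tls.Certificate{cert}
	}
	return cfg, nil
}

// VerifyServerCert checks a server's PEM certificate for host under these settings; nil means trusted.
func VerifyServerCert(s K8sTLSSettings, serverPEM []byte, host string) error {
	cfg, err := BuildTLSConfig(s)
	if err != nil {
		return err
	}
	if cfg.InsecureSkipVerify {
		return nil // nothing is checked, not even the hostname
	}
	block, _ := pem.Decode(serverPEM)
	if block == nil {
		return fmt.Errorf("server certificate is not PEM")
	}
	leaf, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return err
	}
	_, err = leaf.Verify(x509.VerifyOptions{Roots: cfg.RootCAs, DNSName: host})
	return err
}

// GenerateTestPKI builds a throwaway private CA and a server certificate for host (all constructed).
func GenerateTestPKI(host string) (caPEM, serverPEM []byte, err error) {
	now := time.Now()
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed Example CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour), IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	srvTmpl := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: host}, DNSNames: []string{host},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour), KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	srvKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	srvDER, err := x509.CreateCertificate(rand.Reader, srvTmpl, caTmpl, &srvKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	toPEM := func(der []byte) []byte { return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}) }
	return toPEM(caDER), toPEM(srvDER), nil
}

func main() {
	host := "kube-apiserver.example.internal" // constructed name
	caPEM, srvPEM, _ := GenerateTestPKI(host)
	fmt.Println("CA supplied:", VerifyServerCert(K8sTLSSettings{CACertPEM: caPEM}, srvPEM, host), "| CA omitted:", VerifyServerCert(K8sTLSSettings{}, srvPEM, host))
}
```

Where the API server uses a private CA, the page's own guidance is the safe one: leave Ignore Server Certificate off and paste that CA (the certificate a kubeconfig carries base64-encoded as certificate-authority-data) into the Certificate Authority Certificate field. The ignore toggle removes the only check that ties the session to the intended server, and a garbage or truncated CA value should surface as an error rather than a silent fallback to system roots, which is why BuildTLSConfig refuses it.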

Connection Authentication Methods

Keeper Connections can be authenticated using one of the following methods:

  • Launch Credential The session to the target is authenticated using the "Launch Credentials" configured directly on the PAM Machine, PAM Database, or PAM Directory record types. The user does not need access to the credentials in order to launch the connection.

  • Personal/Private Credential When "Allow users to select credentials from the vault" is enabled, users can choose to authenticate the session to the target using a personal/private credential stored securely in their own Keeper Vault.

  • Ephemeral Accounts When the ephemeral account feature is enabled on the PAM Machine or PAM database resources, a system-generated, time-limited privileged account is created specifically for the session. This account is deleted automatically after the session ends, eliminating standing privilege. This method is used for Just-In-Time access with no persistent account on the target system.

Session Recordings - Kubernetes Protocol

For this protocol, both graphical and the full, raw text content of terminal sessions, including timing information, are recorded. For more information on recordings and how to access these recordings, visit this page.

  • Learn more about Session Recording and Playback

Connection Template

The PAM record type with your target system can also be configured as a Connection template. These templates serve as reusable record types for launching sessions to target systems without needing to predefine a specific hostname or credential. For more information, visit the following:

Connection Templates

RBI Connections

Keeper Connections - Remote Browser Isolation (http/https) Protocol

Overview

KeeperPAM enables zero-trust privileged session management for web applications using the Remote Browser Isolation (RBI) protocol. This guide explains how to configure RBI connections on your PAM Remote Browser Records in the Keeper Vault. Secure web sessions are initiated from the Vault, routed through the Keeper Gateway, and delivered directly to target applications.

Prerequisites

Prior to following this guide, familiarize yourself with the prerequisites on the Connection's Getting Started page.

The following PAM records are needed in order to successfully set up this protocol:

PAM Record
Definition

PAM Configuration

The PAM Configuration contains information about your target infrastructure.

PAM Remote Browser

The PAM Remote Browser record contains information about the endpoint you want to establish a web session to.

PAM User Record

The PAM User record contains the user credentials that will be used to autofill credentials on the web page.

This guide will use a Jenkins web application.

PAM Settings - Configuring RBI

Accessing Connection Settings

After creating a PAM Remote Browser with your target endpoint, navigate to the Connection Section on the PAM Settings screen by:

  1. Editing the PAM Record

  2. Clicking on "Set Up" in the PAM Settings section

  3. Navigating to the "Connection" section in the prompted window

Configuring Connection Settings

Prior to configuring the RBI protocol settings on the PAM Settings screen, the following fields are all required and need to be configured:

Field
Definition

PAM Configuration

This is the PAM Configuration that contains the details of your target infrastructure and provides access to the target configured on the PAM Record.

Administrative Credential Record

This is the linked PAM User that will be used to authenticate to the target and perform administrative operations on it.

The following table lists all the configurable settings for the RBI protocol on the PAM Settings:

Field
Definition

Enable Remote Browser Isolation

Required

To enable connection for this record, this toggle needs to be enabled.

Graphical Session Recording

When enabled, graphical session recordings will be enabled for this record.

Include Key Events

When enabled, the individual keystroke data will be included in the session playback. Note: This will include any secrets potentially typed by the user.

Allow navigation via direct URL manipulation

Shows a website address tool in the user interface that allows the user to navigate.

Ignore server certificate

Instructs RBI to ignore invalid or expired SSL certificates on the website that is explicitly set in the URL field for the record. Certificates are required for any other domains during the session.

Allowed URL Patterns

The patterns of all URLs that the user should be allowed to visit, regardless of whether via manual navigation (URL bar) or interacting with the current page. Multiple patterns may be specified, separated by newlines. If specified, only pages matching patterns in the list are permitted. By default, all URLs are permitted.

Allowed Resource URL Patterns

The patterns of all URLs that a page should be allowed to load as a resource, such as an image, script, stylesheet, font, etc. Multiple patterns may be specified, separated by newlines. If specified, only resources matching patterns in the list are permitted to be loaded. By default, no restrictions are imposed on resources loaded by pages.

Can copy to clipboard

If enabled, text copied within the connected protocol session will be accessible by the user.

Can paste from clipboard

If enabled, user can paste text from clipboard within the connected protocol session.

Browser Autofill

KeeperPAM provides the capability of autofilling a username, password and TOTP code into a target website login screen.

Session Recordings - RBI Protocol

RBI Session Recordings

For this protocol, graphical data, including timing information, is recorded. For more details on the recordings and how to access them, see the Session Recording & Playback docs.