Example: Linux Machine
Configuring SSH Server as a PAM Machine Record
Overview
In this example, you'll learn how to configure a Linux Machine in your Keeper Vault as a PAM Machine record.
Prerequisites
Prior to proceeding with this guide, make sure you have
PAM Machine Record
Machines such as a Linux Machines can be configured on the PAM Machine record type.
Creating a PAM Machine
To create a PAM Database:
Click on Create New
Depending on your use case, click on "Rotation", "Tunnel", or "Connection"
On the prompted window:
Select "New Record"
Select the Shared Folder you want the record to be created in
Specify the Title
Select "Machine" for the Target
Click "Next" and complete all of the required information.
Configure a Linux Machine on the PAM Machine Record
Suppose I have a local Linux Virtual Machine with the hostname "local-linux-machine", the following table lists all the configurable fields and their respective values:
Title (Required)
Title of the PAM Machine Record
Local Linux Machine
Hostname or IP Address (Required)
Address or RDP endpoint or Server name of the Machine Resource
local-linux-machine
Port (Required)
Port to connect to the Linux Resource
22
Operating System
The target's Operating System
linux
Instance Name
Azure or AWS Instance Name
Required if AWS/Azure Machine
Instance ID
Azure or AWS Instance ID
Required if AWS/Azure Machine
Provider Group
Azure or AWS Provider Group
Required if a managed Azure Machine
Provider Region
Azure or AWS Provider Region
Required if a managed AWS Machine
Configuring PAM Settings on the PAM Machine
On the "PAM Settings" section of the vault record, you can configure the KeeperPAM Connection and Tunnel settings and link a PAM User credential for performing rotations and connections. Tunnels do not require a linked credential. The following table lists all the configurable fields and their respective values for the Linux Machine:
PAM Configuration
Associated PAM Configuration record which defines the environment
Required - This is the PAM configuration you created in the prerequisites
Administrative Credential Record
Linked PAM User credential used for connection and administrative operations
Required Visit this section for more details
Protocol
Native protocol used for creating a session from the Gateway to the target
Required - for this example: "SSH"
Connection Parameters
Connection-specific protocol settings which can vary based on the protocol type.
See this section for SSH protocol settings. We recommend specifying the Connection Port at a minimum. E.g. "22" for SSH.
Administrative Credential Record
The Admin Credential Record in the PAM Machine links the admin user to the PAM Machine record in your Keeper Vault. This admin user is used for performing password rotations and authenticating connections.
User Accounts can be configured on the PAM User record. Visit this page for more information on the PAM User.
Setting a Non Admin User as the Administrative Credential Record
If you prefer not to authenticate a connection using the admin credential, you can optionally designate a regular user of the resource as the admin credential.
Sharing PAM Machine Records
PAM Machine records can be shared with other Keeper users within your organization. However, the recipient must have the appropriate PAM enforcement policies in place to utilize KeeperPAM features on the shared PAM records.
When sharing a PAM Machine record, the linked admin credentials will not be shared. For example, if the PAM Machine is configured with a Linux Machine, the recipient can connect to the Linux Machine on the PAM Machine record without having direct access to the linked credentials.
Learn more about Sharing and Access Control
Last updated
Was this helpful?