Previous Topic: Windows Endpoint Configuration ToolNext Topic: How SAM Connects to UNIX Endpoints

Enterprise Administration GuideImplementing Shared AccountsSAM Endpoint and Shared Account CreationCreate an EndpointSSH Device Connection Information

SSH Device Connection Information

The SSH Device type lets you manage privileged UNIX accounts.

Important! Before you configure a SAM SSH endpoint, disable tunneled clear text passwords on the endpoint before you configure the endpoint settings.

When you create devices of this type, provide the following information so that CA ControlMinder Enterprise Management can connect to the device:

User Login

Defines the name of an administrative user of the endpoint. SAM uses this account to perform administrative tasks on the endpoint, for example, to connect to the endpoint, discover accounts, and change passwords.

Note the following points:

If you specify the Advanced option, SAM does not use the User Login account to perform administrative tasks. Instead, SAM uses the specified privileged account to perform administrative tasks on the endpoint. If you specify an operation administrator account, SAM uses that account to perform administrative tasks on the endpoint.

Password

Defines the password of the administrative user of the endpoint.

Host

Defines the host name of the endpoint.

Use Telnet

Specifies to use Telnet rather than SSH to connect to the SSH device.

Operation Administrator User Login

(Optional) Defines the name of an operation administrator user of the endpoint. SAM uses this account to perform administrative tasks on the endpoint, for example, discovering and changing the password of privileged accounts. If you do not specify an operation administrator user, SAM uses the User Login account to perform administrative tasks on the endpoint.

If you specify an operation administrator user for an SSH endpoint that uses a Check Point firewall, specify the expert user. However, you cannot use SAM to change the password for the expert account on the endpoint. This restriction means that the expert account must be a disconnected account in SAM.

Operation Administrator Password

(Optional) Defines the password of the operation administrator user.

Configuration File

Specifies the name of the SSH Device XML configuration file. You can customize the XML files according to your needs.

Note: If you do not specify a value for this field, CA ControlMinder Enterprise Management uses the ssh_connector_conf.xml file.

Advanced

Specifies whether you want to use a privileged administrative account to perform administrative tasks on the endpoint, for example, to connect to the endpoint, discover accounts, and change passwords. For example, you can specify a privileged domain account that can perform administrative tasks on multiple endpoints.

If you specify this option, SAM does not use the User Login account to perform administrative tasks.

Disable Exclusive Sessions

Specifies whether to disable the exclusive sessions check on this endpoint. When selected, SAM does not check for open sessions on the endpoint.

Deny Exclusive Break-Glass

Specifies to block break-glass check-out action on exclusive accounts.