PAM Integration with WinSCP

Advertisement

VinceVince
Guest

PAM Integration with WinSCP

WinSCP 5.21.1

Hi,

Has anybody here ever integrated WinSCP with Thycotic Secret Server?

To make a long story short, WinSCP expects a filepath for the SSH key but Secret Server expects the key itself. Thus we are force to use the 'Proxy' feature of Secret Server which logins with temp creds and then passes the key internally. When doing so, WinSCP always return 'Cannot initialize SFTP protocol. Is the host running an SFTP server?'. This does NOT happen if we do no use the proxy feature.

Thanks
Vince

Reply with quote

Advertisement

nolo
Joined:
Posts:
2

Dear VinceVince,
I am having the same issue:

I need to connect to some Linux machines using PAM + proxy.
Since I have configured all secrets via PAM + proxy I can no longer open connections with WinSCP. Only SSH connection works, but not WinSCP connections.
I kindly ask if you can tell me what solution you have adopted

thank you
nolo

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
41,262
Location:
Prague, Czechia

@nolo: It's unlikely you get an answer form an anonymous user, who posted months ago.
Please give us more details about your setup. Logs files might help too. Did you test other SFTP clients?

Reply with quote

nolo
Joined:
Posts:
2

Dear @Martin,
sorry for my late reply and thanks for your answer.
Regarding the initial issue, I found two video that helped me to configure WinSCP on Secret Server:
https://vimeo.com/689362569/d941324b2c
https://vimeo.com/689362641/f7d77bdea7

I had to change some options because the video it is from an old version:
"Launcher Type" --> Proxied SSH Process
"Use SFTP Tunneling with SSH Proxy" --> tick this option

After this configurations, I can access via WinSCP (through the Secret Server proxy) all VM's Linux. But I have to use the Secret Server web interface.

At the moment I not yet been able to access directly from WinSCP without going through Secret Server Web interface. (I am not sure if that is currently possible with Secret Server).

Anyway, for me it is already a good compromise.

thank you

regards,
nolo

Reply with quote

Advertisement

Advertisement

You can post new topics in this forum