Home > database >  Issue with CyberArk and WinSCP (command line setting)
Issue with CyberArk and WinSCP (command line setting)

Time:01-26

I successfully tested CyberArk with SSH and I used this command line (all works correctly):

ssh -o StrictHostKeyChecking=no -t <PSMConnect> <domain_login_name> <linux_target_account> <address>

you can see real command:

ssh -o StrictHostKeyChecking=no -t [email protected] jist root 10.192.24.10

where jist is domain login name, root is account in target location defined based on IP 10.192.24.10

But I have issue with configuration of WinSCP with CyberArk. Do you know which command line parameters are needed for building relation between WinSCP & CyberArk (that CyberArk will monitor activities under WinSCP)?

I expect something like this command (but I did not find the detail in documentation):

winscp -t [email protected] ???

BTW: I saw only ability to use WinSCP from Terminal Server which is under CyberArk monitoring, but it is without standard command line and this way has really huge overhead (extra terminal server, local disk mapping to the Terminal, etc. and finally, it degrades total performance for file transfers).

NOTE: Why this question (relation to SW use cases):

  • If I need to transfer file to the production from my workstation via WinSCP (without CyberArk), IT Security generate security incident. Why? Because IT Security need to monitor my activities and from these reasons they use CyberArk and monitor activities in production environment under SSH, all activities in Terminal Server ... .
  • How to avoid generate IT Security incidents. First option is to use WinSCP not from my workstation, but use WinSCP in Terminal Server (which full monitor CyberArk), but this way is not so comfortable (slow Terminal Server, mapping my local disks, etc.). Second (preferred) option is to use the similar way as SSH (it means SSH support relation to CyberArk and send to the CyberArk information about user activities e.g. user run these commands, ...). It means I am looking for ability do define via command line setting of WinSCP, that WinSCP will inform CyberArk about user activities such as user copy file (via SFTP) from source to target, etc. This relation will help me to avoid First option and use WinSCP directly from my workstation not from Terminal Server and the IT Security will be happy (because the will monitor my activities under WinSCP)

CodePudding user response:

Your ssh command executes command jist root 10.192.24.10. That supposedly gets you to the shell of 10.192.24.10.

Relation of that to SFTP is very limited. I do not know what exactly jist command does.

In SFTP (and actually even in SSH shell), the standard way to get to a machine that is accessible via another machine only is via port forwarding. That's enter image description here

2. Step - Advanced Site Setting in WinSCP

  • Environment SCP/Shell Shell: option /bin/bash/

    enter image description here

After this setting (for connection on WinSCP side) everything works correctly and the IT Security has full detail about content transfer.

  • Related