PAM360 » Features » SSH Command Control

Organizations often manage critical devices running on Linux, Unix, and CISCO IOS which support SSH connections, many of which orchestrate daily business activities. IT teams restrict user access to such devices by granting access to only mission-critical employees. However, to further preserve the integrity and availability of these resources, organizations must enforce granular restrictions that prevent even privileged users from performing unauthorized actions. ManageEngine PAM360 helps organizations of all sizes enable IT teams to implement restrictions on these resources using the SSH command control.

Using command control, IT admins can create and enforce a list of commands that all or a select few employees can run on resources. At any point, PAM360 will prevent users from running commands that are not part of this list.

Create a custom list of commands

Create a set of custom commands that your users can run. You can also instantly import these commands from a CSV file to PAM360. Once added, IT admins can enable command control by associating these command groups with relevant resources. You can also use the default set of allowlist commands suggested by PAM360.

Create a custom list of commands

Group commands together

Group multiple commands into a command group to allow-list a bulk list of commands on a resource. IT admins can add new commands or remove existing commands from a command group as and when required.

Group commands together

Set up custom restrictions

You can implement granular access restrictions by selectively enforcing command control on a select few user accounts within a resource. This helps teams avoid unwanted access disruptions.

Set up custom restrictions

Access to allow-listed commands

When resources are enabled with access restrictions, PAM360 will display the list of commands allow-listed by admins in a side panel. Users can search for commands relevant to their tasks from this list and use them accordingly.

Access to allow-listed commands

Customize management roles

By default, all IT admin users will have access to a Command Control role. This role will allow them to create commands and command groups, associate command groups with resources and accounts, and enforce command control. You can determine who can and can't enable command control in your organization by customizing the command control roles according to your needs.

Customize management roles

Real-time audits and reports

View real-time audits on all the critical command control operations performed in PAM360. You can find a report of all the command groups mapped with resources and accounts from the Reports tab.

Whether you wish to restrict access to every employee in your organization, or create a custom restriction for internal or third-party personnel, PAM360's native command control will protect your endpoints.

Learn how

 
 

ManageEngine named a Challenger in the 2023 Gartner ® Magic Quadrant ™ for Privileged Access Management. Read full report.