Managerial Approval for SSH Proxy Connections

privileged users’ ssh connections to target devices can be monitored with managerial approvals before establishing the connection to enable managerial requests and approval via email for users connecting to devices, the require managerial approva l property must be set as true on the device group with the target devices refer to the docid\ g7h3clcbskht29xnnqxnb section for additional details when the managerial approval feature for a user is enabled, an approval request email is sent to his/her group manager for each attempt, a new approval email is generated and sent to the manager a parameter can be configured to limit the number of connection request emails sent to the group manager for a certain connection establish an ssh connection to the kron pam server set the required parameter in /u01/nssoapp/conf/nsso properties with the commands below cd /u01/nssoapp/conf/ vi nsso properties add/edit the following parameter with the vi editor nsso approval email timeout = 0 (default value is “0” and the value label is in seconds) after the parameters are set, save, and exit the vi editor and restart the nssoapp with the command systemctl restart nssoapp this parameter prevents kron pam from sending too many emails to the manager for each repetitive attempt for example, if the parameter is set to 300 seconds, and a user attempts to connect to a device more than once in five minutes only one approval email will be sent to the manager to approve/decline the connection request if the admin wants the managers to receive only one approval email for each attempt, the parameter default value of zero can be used