Reason Field in SSH Connections
The reason field can be enabled to be completed by the users when connecting to devices. The text entered as the reason for the connection appears in the Session Logs and the managerial approval request emails and notifications. To enable this feature, the reasonRequiredForConnection property must be true on a device group that includes the target devices.
- Log in to the Kron PAM Web GUI.
- Navigate to Devices> Devices.
- Click the desired Device Group, and select its properties.
- Click Edit then Next buttons.
- Expand the Connection Approval Methods section.
- Toggle on the Require user to enter a reason for connection property.
To set a minimum character limit for the reason required for the connection, the following steps must be followed to define the limit.
- Log in to the Kron PAM Web GUI
- Navigate to System Configuration Manager > Add > Add New System Parameter.
- Add the parameter ssh.min.reason.character.limit. This value can be set to 5 or greater.
- Navigate to Devices > Inventory.
- Choose the desired Device Group, select Edit Connection Approval Methods
- Set the Require user to enter a reason for connection property as true.
According to regulations, it is mandatory to justify why a connection is being established during each connection setup. This requirement ensures traceability, accountability, and compliance with security and auditing standards, minimizing unauthorized or unclear access to sensitive systems.
