Re: How to configure rule for scp/sftp
Checkout the uscp binary that is bundled in the PAM Agent install. I believe /usr/bin/uscp. man uscp. Could create a command in cmdctrl and a relevant rule to authorize access. I think you'd want to authorize in a cmdctrl rule, but keep session capture disabled as I think it could potentially include file contents and clog audits.
Otherwise, there is an approach with WinSCP client to use sftp through PAM. Please contact support for more details.
Otherwise, could use linux cpcksh/pcksh shells to go through PAM for authorization of commands and the same cli tools are available in the session, but with full session control capability and audit of commands. Or elevation through usrun similar to sudo and have allowed commands like scp through that.