PAM 3.2

I have upgraded my PAM from 3.1 to 3.2. Now I am configuring for SSH relay.
The following error is coming on my (Manager server) uinifid.log

Wed Dec 20 17:51:41 2017, 25, 525866752, 2287, Info, https GET /myaccess/ssh/pam-ssh.jnlp?targetHost=steven@192.168.1.xxxx
  • On 12/20/2017 06:34 AM, frankabhinav wrote:
    >
    > I have upgraded my PAM from 3.1 to 3.2. Now I am configuring for SSH
    > relay.


    I understand, then, that this was not set up or working with 3.1, meaning
    this is not necessarily something broken after the move to 3.2.

    > The following error is coming on my (Manager server) uinifid.log
    >
    > Code:
    > --------------------
    > Wed Dec 20 17:51:41 2017, 25, 525866752, 2287, Info, https GET /myaccess/ssh/pam-ssh.jnlp?targetHost=steven@192.168.1.xxxx
  • The above suggestions are great. For more details regarding PAM SSH-Relay, please refer to the documentation:
    https://www.netiq.com/documentation/privileged-account-manager-3/npam_admin/data/t42urslwgwm6.html#bskgwg9

    PAM SSH Relay listens on port 2222, an ssh client connects to this, and then a relay/proxied connection is started from PAM SSH Relay server to the target run host server. So a scenario like this would be:
    ssh client -> PAM SSH Relay (port 2222) -> target run host server (port 22 or whichever port is configured for this connection in the Enterprise Credential Vault)

    The following command can be used to see what ssh connections are available to the user according to PAM CmdCtrl:
    ssh -t -p2222 <PAMUser@sshrelayhost>
    Or you can specify the target run host as well:
    ssh -t -p2222 <PAMUser@sshrelayhost> <root@hostname>

    Or you can use the MyAccess user portal to start this ssh relay connection as well with the applet.

    Please verify the CmdCtrl rule has the Run Host configured properly.
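
An added troubleshooting example, not part of the posts above and not NetIQ code: it checks only the first hop of the chain described in the last reply (ssh client -> PAM SSH Relay on port 2222) by reading the listener's SSH identification string. The function names and the 127.0.0.1 default host are assumptions made for illustration.

```python
import socket
import sys

RELAY_PORT = 2222  # PAM SSH Relay listener port, as stated in the reply above


def _banner(data):
    """Return the first complete 'SSH-' identification line in data, or None."""
    for line in data.split(b"\n")[:-1]:  # last element is an incomplete line
        if line.startswith(b"SSH-"):
            return line.rstrip(b"\r").decode("ascii", "replace")
    return None


def probe_relay(host, port=RELAY_PORT, timeout=5.0):
    """Classify the first hop (ssh client -> PAM SSH Relay).

    Returns (status, detail); status is one of:
      "ssh"     - listener sent an SSH identification string (RFC 4253)
      "not-ssh" - something accepted the connection but sent no SSH banner
      "refused" - nothing is listening on that port
      "timeout" - no TCP answer (filtered port or wrong address)
      "error"   - any other socket failure
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("refused", f"{host}:{port} is closed")
    except socket.timeout:
        return ("timeout", f"no answer from {host}:{port} in {timeout}s")
    except OSError as exc:
        return ("error", str(exc))
    data = b""
    with sock:
        try:
            # Servers may send free-text lines before the banner; bound the read.
            while len(data) < 4096 and _banner(data) is None:
                chunk = sock.recv(256)
                if not chunk:
                    break
                data += chunk
        except OSError:
            pass  # read timeout or reset: judge whatever arrived
    banner = _banner(data)
    return ("ssh", banner) if banner else ("not-ssh", repr(data[:60]))


if __name__ == "__main__":
    # Assumed default host for a local run; pass the relay host as argv[1].
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(probe_relay(target))
```

A result of "ssh" means the relay listener is reachable, so the remaining checks are on the PAM side: the CmdCtrl rule and its Run Host.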