This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSH Relay window not asking for authentication

Hi,

I've installed and configured PAM 3.6 in Linux (Suse 12 SP3) environment. Configured for SSH Relay . 

The file .jnlp generated but the SSH Login window not asking for credential. Found below error in unifid.log

SSL Error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown

The installed JDK is latest windows from where I run the SSH Relay.

Can anyone please help me to overcome this issue ?

  • 0  

    The SSL cert unknown is probably unrelated.  This is because the Framework managers self sign a cert to get going. There is a generate a CSR option. (I think it is Hosts, find the framework server, packages, then Framework Manager and the left menu will offer Request and install cert options).

    Did you apply a restricted group to the SSH Relay rule?  I.e. Is there a requirement to auth?  Whom is allowed?

  • 0  

    If the jnlp file is downloaded and launches, but is blank or perhaps not prompting for the 'Submit User' credential. I suspect there is some issue establishing an ssh connection with the sshrelay server. Try opening the jnlp in Notepad and check for the property value of "jnlp.pamHost," which should be the sshrelay server I believe. Verify the client/workstation can establish a connection to that ip address and port with something like telnet and if it's a dns address, please also verify the name can be resolved by the workstation. Otherwise, there are some Java Client Options that should be available in Windows for tweaking connectivity type things like certificates, etc. that might be worth exploring as well.

  • 0  

    If the jnlp file is downloaded and launches, but is blank or perhaps not prompting for the 'Submit User' credential. I suspect there is some issue establishing an ssh connection with the sshrelay server. Try opening the jnlp in Notepad and check for the property value of "jnlp.pamHost," which should be the sshrelay server I believe. Verify the client/workstation can establish a connection to that ip address and port with something like telnet and if it's a dns address, please also verify the name can be resolved by the workstation. Otherwise, there are some Java Client Options that should be available in Windows for tweaking connectivity type things like certificates, etc. that might be worth exploring as well.

  • 0  

    If the jnlp file is downloaded and launches, but is blank or perhaps not prompting for the 'Submit User' credential. I suspect there is some issue establishing an ssh connection with the sshrelay server. Try opening the jnlp in Notepad and check for the property value of "jnlp.pamHost," which should be the sshrelay server I believe. Verify the client/workstation can establish a connection to that ip address and port with something like telnet and if it's a dns address, please also verify the name can be resolved by the workstation. Otherwise, there are some Java Client Options that should be available in Windows for tweaking connectivity type things like certificates, etc. that might be worth exploring as well.

  • 0   in reply to   

    I should have also mentioned that you can also use your preferred ssh client on your workstation as well and simply connect to the sshrelay server (:2222).

  • 0  
    I should have also mentioned that you can also use your preferred ssh client on your workstation as well and simply connect to the sshrelay server (:2222).
  • 0  
    I should have also mentioned that you can also use your preferred ssh client on your workstation as well and simply connect to the sshrelay server (:2222).
  • 0  
    I should have also mentioned that you can also use your preferred ssh client on your workstation as well and simply connect to the sshrelay server (:2222).
  • 0   in reply to   

    I much prefer this approach. Since you get a menu of availanle hosts, and you select the one you want and forward you go.  And MFA worked too as well, I recall.

     

  • 0 in reply to   

    Hi Geoffrey,

    Can you guide me where .jnpl  file is in my access control, In admin portal.