
Unable to open SSH session

Hi There.

I have configured PAM with Access Manager for SSO, which is happening perfectly.

Without going through Access Manager I am able to log in to PAM RDP as well as open SSH via Java.

Now I am facing an issue when I try to access an SSH session when going through Access Manager, whereas RDP is working perfectly fine.

LogsPam error.JPG

Here 172.19.22.4 is my PAM IP, 172.19.22.2 is my Access Manager SSO server, and idm-1 is my Linux server.

Please help me out here.

  • 0  

    Ok, so the errors in the screenshot you provided from the unifid.log are not related; those SSL certificate warnings/errors just relate to self-signed certificates within the framework and are no big deal.

    I have a few questions relating to the non-working sshrelay session:

    1. Is the anticipated SSH Relay Session being listed in My Access for the user?
    2. When selecting to Launch this particular session, does the .jnlp file get downloaded to the user's workstation by the browser?
    3. When launching the .jnlp file to start the sshrelay session, are there any errors presented there to the user? Is it just blank? Is the user prompted to enter their credentials?

     

    Also, just an FYI, in PAM 4.0, there is a really cool upgrade to this use-case where the ssh session is embedded within the PAM UI (no java or .jnlp file needed) and there is similar Agentless capability: See Secure Shell Web Relay for more details (released in PAM 4.0 - See Agentless Privileged Access and Auditing).

  • 0 in reply to   

    Hi tdharris,

    Thanks for the reply. Please see the response below.

    1. Is the anticipated SSH Relay Session being listed in My Access for the user?

    >> Yes, the SSH Relay Session is listed for the user.

    PAM.JPG

    2. When selecting to Launch this particular session, does the .jnlp file get downloaded to the user's workstation by the browser?

    >> Yes, it is being downloaded.

    3. When launching the .jnlp file to start the sshrelay session, are there any errors presented there to the user? Is it just blank? Is the user prompted to enter their credentials?

    The error shown is "unable to launch the application".

    The URL shown in the image is coming from the reverse proxy.

    Inside Access Manager --> reverse proxy --> I have enabled session stickiness.

    PAM 2.JPG

    Also, just an FYI, in PAM 4.0, there is a really cool upgrade to this use-case where the ssh session is embedded within the PAM UI (no java or .jnlp file needed) and there is similar Agentless capability: See Secure Shell Web Relay for more details (released in PAM 4.0 - See Agentless Privileged Access and Auditing).

     

    Can you share a Word doc with images to enable the same? I have not been able to do it. Please.

     

  • 0   in reply to 
    Oh ok, so you are using the reverse proxy feature from NAM as well in this scenario. Please refer to Support for more guidance and validation of this use-case.