muhammadnoman Valued Contributor.
Valued Contributor.
538 views

PAM3.6: SSH-Relay asking for passphrase???

Hi Everyone,

In PAM 3.6 I have configured SSH-Relay rule along with root user password but when going to access SSH-Relay, it prompting to enter passphrase of private key, why?

screen shot of rule:
https://pasteboard.co/I73gE2Q.png

screen shot of the vault:
https://pasteboard.co/I73hNWmf.png

screen shot of problem:
https://pasteboard.co/I73iltx.png

I don't understand if I have configured in credential type to use password then why its asking to enter passphrase?
Regards,
0 Likes
4 Replies
AutomaticReply Absent Member.
Absent Member.

Re: PAM3.6: SSH-Relay asking for passphrase???

muhammadnoman,

It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.

These forums are peer-to-peer, best effort, volunteer run and that if your issue
is urgent or not getting a response, you might try one of the following options:

- Visit https://www.microfocus.com/support-and-services and search the knowledgebase and/or check
all the other self support options and support programs available.
- Open a service request: https://www.microfocus.com/support
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.microfocus.com)
- You might consider hiring a local partner to assist you.
https://www.partnernetprogram.com/partnerfinder/find.html

Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.microfocus.com/faq.php

Sometimes this automatic posting will alert someone that can respond.

If this is a reply to a duplicate posting or otherwise posted in error, please
ignore and accept our apologies and rest assured we will issue a stern reprimand
to our posting bot.

Good luck!

Your Micro Focus Forums Team
http://forums.microfocus.com



0 Likes
Micro Focus Expert
Micro Focus Expert

Re: PAM3.6: SSH-Relay asking for passphrase???

Please delete the 'root' credential from the 'pmg' ssh account domain.
Then create the credential new and select 'Password' as type.
Then in cmdctrl console, please edit the rule and select account domain, credentials, run user appropriately for this new 'root' credential and save.

Then try again the use-case again.. I suspect there may be an issue if credential was initially created with private key type with blank passphrase and then changed to 'password' type credential.. So deleting, recreating as 'Password' type initially may help resolve this.
0 Likes
muhammadnoman Valued Contributor.
Valued Contributor.

Re: PAM3.6: SSH-Relay asking for passphrase???

Hi Tyler,

Thanks for your reply as usual, appreciated.
I have Initially created Account Domain with Credential Type as "Password" and selected the same Account Domain etc in Rule, Let you know I am using same settings in PAM 3.5 as well working perfectly but facing problem in PAM 3.6.

Screen shots again attached:

Vault:
https://pasteboard.co/I73hNWmf.png

Rule:
https://pasteboard.co/I73gE2Q.png

Problem:
https://pasteboard.co/I73iltx.png

Regards,
0 Likes
Micro Focus Expert
Micro Focus Expert

Re: PAM3.6: SSH-Relay asking for passphrase???

Did you delete the credential from PAM Credential Vault in 3.6 and then create a new one with same details? Please refer to my steps in above comment if details are needed. Do please try this, as it should be a quick test and may resolve the issue you are facing.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.