SSH Relay not working for target Linux with custom port - Micro Focus Community

prasenjitmass · ‎2019-12-09

Hi,

I've configured PAM 3.6 for SSH Relay where the target Linux is working with port 5522. Configured the Linux credential vault with custom port. Now while tried to SSH relay (through putty ) user get authenticate to PAM but while selecting that target Linux , system showing messages " ssh: connect to host x.x.x.x port 22: Connection refused.

How to configure PAM to allow this custom port 5522 ?

geoffc · ‎2019-12-09

This was a joyous bug. I found it as well.

Two solutions:

Path to 3.6.02 released last week. It is a bug in the SSH proxy and they did not properly pass through a parameter.

If you cannot go to 3.6.02 then tick the X11 forwarding in teh Command Control rule (Do you ever get the urge to call it Command and Conquer like the video game? I do it all the time) and it will work. Even if you are not using X11.

Tyler (tdharris here) found the issue and resolution for me. Great guy.

tdharris · ‎2020-01-21

Haha, yes @geoffc "Command And Conquer" all the way! 😉

To follow-up, this has been resolved in the following releases or later of course:

- PAM 3.7:
https://www.netiq.com/documentation/privileged-account-manager-37/npam_37_releasenotes/data/npam_37_releasenotes.html#t4b2zalpq9yk

- PAM 3.6.0.2:
https://www.netiq.com/documentation/privileged-account-manager-36/npam_3602_releasenotes/data/npam_3602_releasenotes.html#t4b2md32j0ru

geoffc · ‎2020-01-22

Command and Conquer is better than Rise of the Triad or Doom I suppose. Different style games. I was playing Final Fantasy 5 on my phone which is kind of similar to C&C as I recall it.

I recall epic games after work at the office when I was a bit younger.