Highlighted
Respected Contributor.
Respected Contributor.
307 views

SSH Relay window not asking for authentication

Hi,

I've installed and configured PAM 3.6 in Linux (Suse 12 SP3) environment. Configured for SSH Relay . 

The file .jnlp generated but the SSH Login window not asking for credential. Found below error in unifid.log

SSL Error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown

The installed JDK is latest windows from where I run the SSH Relay.

Can anyone please help me to overcome this issue ?

0 Likes
5 Replies
Highlighted
Knowledge Partner
Knowledge Partner

Re: SSH Relay window not asking for authentication

The SSL cert unknown is probably unrelated.  This is because the Framework managers self sign a cert to get going. There is a generate a CSR option. (I think it is Hosts, find the framework server, packages, then Framework Manager and the left menu will offer Request and install cert options).

Did you apply a restricted group to the SSH Relay rule?  I.e. Is there a requirement to auth?  Whom is allowed?

0 Likes
Highlighted
Micro Focus Expert
Micro Focus Expert

Re: SSH Relay window not asking for authentication

I should have also mentioned that you can also use your preferred ssh client on your workstation as well and simply connect to the sshrelay server (:2222).

0 Likes
Highlighted
Micro Focus Expert
Micro Focus Expert

Re: SSH Relay window not asking for authentication

If the jnlp file is downloaded and launches, but is blank or perhaps not prompting for the 'Submit User' credential. I suspect there is some issue establishing an ssh connection with the sshrelay server. Try opening the jnlp in Notepad and check for the property value of "jnlp.pamHost," which should be the sshrelay server I believe. Verify the client/workstation can establish a connection to that ip address and port with something like telnet and if it's a dns address, please also verify the name can be resolved by the workstation. Otherwise, there are some Java Client Options that should be available in Windows for tweaking connectivity type things like certificates, etc. that might be worth exploring as well.

0 Likes
Highlighted
Micro Focus Expert
Micro Focus Expert

Re: SSH Relay window not asking for authentication

I should have also mentioned that you can also use your preferred ssh client on your workstation as well and simply connect to the sshrelay server (:2222).
0 Likes
Highlighted
Knowledge Partner
Knowledge Partner

Re: SSH Relay window not asking for authentication

I much prefer this approach. Since you get a menu of availanle hosts, and you select the one you want and forward you go.  And MFA worked too as well, I recall.

 

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.