UPDATE! The community will be go into read-only on April 19, 8am Pacific in preparation for migration on April 21. Read more.
Commodore

Unable to open SSH session

Hi there.

I have configured PAM with Access Manager for SSO, which is happening perfectly.

Without going through Access Manager, I am able to log in to PAM RDP as well as open SSH via Java.

Now I am facing an issue when I try to access an SSH session when going through Access Manager, whereas RDP is working perfectly fine.

Logs: Pam error.JPG

Where 172.19.22.4 is my PAM IP, 172.19.22.2 is my access server SSO, and idm-1 is my Linux server.

Please help me out here.

Micro Focus Expert

OK, so the errors in the screenshot you provided from the unifid.log are not related; those SSL certificate warnings/errors just relate to self-signed certificates within the framework and are no big deal.

I have a few questions relating to the non-working sshrelay session:

  1. Is the anticipated SSH Relay Session being listed in My Access for the user?
  2. When selecting to Launch this particular session, does the .jnlp file get downloaded to the user's workstation by the browser?
  3. When launching the .jnlp file to start the sshrelay session, are there any errors presented there to the user? Is it just blank? Is the user prompted to enter their credentials?

 

Also, just an FYI, in PAM 4.0, there is a really cool upgrade to this use-case where the ssh session is embedded within the PAM UI (no java or .jnlp file needed) and there is similar Agentless capability: See Secure Shell Web Relay for more details (released in PAM 4.0 - See Agentless Privileged Access and Auditing).

Commodore

Hi tdharris,

Thanks for the reply. Please see my responses below.

  1. Is the anticipated SSH Relay Session being listed in My Access for the user?

>> Yes, the SSH Relay Session is listed for the user.

PAM.JPG

2. When selecting to Launch this particular session, does the .jnlp file get downloaded to the user's workstation by the browser?

>> Yes, it is being downloaded.

  3. When launching the .jnlp file to start the sshrelay session, are there any errors presented there to the user? Is it just blank? Is the user prompted to enter their credentials?

>> The error shown is "unable to launch the application".

The URL shown inside the image is coming from the reverse proxy.

Inside Access Manager --> reverse proxy --> I have enabled session stickiness.

PAM 2.JPG

Also, just an FYI, in PAM 4.0, there is a really cool upgrade to this use-case where the ssh session is embedded within the PAM UI (no java or .jnlp file needed) and there is similar Agentless capability: See Secure Shell Web Relay for more details (released in PAM 4.0 - See Agentless Privileged Access and Auditing).

 

Can you share a Word doc with images to enable the same? I have not been able to do it. Please.

 

Micro Focus Expert

Oh OK, so you are using the reverse proxy feature from NAM as well in this scenario. Please refer to Support for more guidance and validation of this use-case.