Kelly Wong

Tech Tip - CA Privileged Access Manager: Issue with SSH access to Solaris via CA PAM 2.8.2

Blog Post created by Kelly Wong Employee on May 24, 2017

CA Privileged Access Manager Tech Tip by Kelly Wong, Principal Support Engineer for 24th May 2017

 

Issue

SSH access to Solaris via CA PAM 2.8.2 stops prior to the user login:

 

 

Cause

The is a known issue with CA PAM 2.8.2 against older Solaris Operating System running SunSSH:

====================================================
SSH Connections Fail for Some Server DH Key Sizes (DE274103)


Java currently only supports Diffie Hellman (DH) Key Agreement for key sizes that are multiples of 64 and in the range from 512 to 2048 (inclusive). As a result, if a server generates a DH key size that does not meet these criteria, Java throws an exception and the SSH connection fails.
====================================================

 

Resolution

This access issue caused by the previous fix will be addressed with CA PAM 2.8.3 release.

When SSH access failed due to the DH key Size, PAM will retry with shorter length key size. 

Outcomes