Symantec Privileged Access Management

  • 1.  SSH access via CAPAM_2.8.3.02

    Posted Oct 04, 2017 09:15 AM

    Hi there!

     

    I'm facing a similar issue to the one posted in:

    Tech Tip - CA Privileged Access Manager: Issue with SSH access to Solaris via CA PAM 2.8.2  

     

    Not against a Solaris box but an Ubuntu Linux one. Although the Resolution says it was going to be fixed in the 2.8.3 release, I'm running CAPAM_2.8.3.02 but the issue persists.

     

    Issue:

      SSH applet opens and shows "Connected to server running SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8".

      But then no login prompt is ever displayed, turning into a timeout.

    Source:

      CAPAM_2.8.3.02 (Web and Java client)

    Target:

      Ubuntu 14.04 x86_64 devices with SSH applet enabled.

      SSH-2.0 OpenSSH_6.6.1p1

      kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

     

    Troubleshooting:

    - For both Web (browser) and Java client, cache has been cleared

    - Successful SSH access from other Linux boxes has been tested. From:

       Ubuntu 14.04.5 3.13.0-129-generic x86_64
       SSH-2.0 OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8, OpenSSL 1.0.1f

    - ~/CAPAMClient/logs.log output:
    SSHInteractiveClient.fatalDisconnect() : 'Disconnected, reason: Exception caught when processing RX pkt'     syserr [Switchboard]
    SSH2Transport.disconnectInternal() : 'disconnect: Exception caught when processing RX pkt'     syserr [Switchboard]

     

     

    Any suggestion(s) would be much appreciated.



  • 2.  Re: SSH access via CAPAM_2.8.3.02

    Broadcom Employee
    Posted Oct 04, 2017 09:34 AM

    Hi,

     

    Is this an attempt to use password management to SSH to server automatically?

     

    Mike P



  • 3.  Re: SSH access via CAPAM_2.8.3.02

    Posted Oct 04, 2017 09:51 AM

    Hi Michael, thanks for replying.

    No, it is a simple SSH from the SSH CA PAM applet expecting the login prompt from the target in order to provide credentials.

     

    Cheers,



  • 4.  Re: SSH access via CAPAM_2.8.3.02
    Best Answer

    Broadcom Employee
    Posted Oct 04, 2017 10:47 AM

    Hello, if you are indeed at 2.8.3.02, please go to https://support.ca.com/us/product-content/recommended-reading/technical-document-index/ca-privileged-access-manager-solutions-patches.html and download and then apply patch 2.8.3.03. This appears to be closer to your problem than the old Solaris connect issue. If the problem persists with 2.8.3.03, please open a support case and if possible attach the client log after going to the Config > Diagnostic section, scroll down to the "Applet Log Level" section, set the log level to Debug and hit the Submit button. Reproduce the problem and then set the log level back to Error.