Symantec Privileged Access Management

  • 1.  CA PAM cannot access SSH to Target Devices

    Posted Dec 13, 2019 03:18 AM
    Hi all,

    I have a CA PAM device running version 3.2.0, but it always takes too long to load when I first log in or switch between tabs. I decided to upgrade it to 3.3.0 and it was working faster, but since I upgraded to 3.3.0, I can no longer SSH to target devices. It reports the error below:


    As I understand it, "our" means CA PAM and "peer" means the target devices, right? The key exchange algorithms do not match, so it can't establish the SSH connection. How can I fix this?

    One more thing: if I use PuTTY instead of the CA PAM default SSH app, can it record? Does it require a jump server like the RDP application? Thanks.


  • 2.  RE: CA PAM cannot access SSH to Target Devices

    Broadcom Employee
    Posted Dec 13, 2019 01:13 PM
    Hi,

    Please consult the following knowledge article that covers the ins and outs of this topic:

    https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=138429

    Regards,
    Kevin D.


  • 3.  RE: CA PAM cannot access SSH to Target Devices

    Posted Dec 17, 2019 02:48 AM
    Hi Kevin,

    I found this on my system. Does this mean CA PAM 3.3.0 is running SSH version 3.0 and my client is running SSH 2.0, so they are not able to communicate with each other?




  • 4.  RE: CA PAM cannot access SSH to Target Devices
    Best Answer

    Broadcom Employee
    Posted Dec 17, 2019 10:07 AM
    Hi Loi,

    I have updated the above knowledge document and put the following section in it:

    To determine what ciphers you have implemented on your Unix/Linux system, please use the following nmap command:

    nmap -p 22 --script ssh2-enum-algos <ip address>

    This command will advise of all security algorithms that the target system supports. These target servers must support at least one of the security algorithms from each of the three categories listed here:

    https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-privileged-access-management/privileged-access-manager/3-3/upgrading/upgrade-to-release-3-3/upgrade-prerequisites-for-3-3.html#concept.dita_e77c4804540e0635d652cc01a7e2e5ad07f3acef_ReviewStrongCryptographyonCiscoandUNIXTargetConnectorsandtheSSHAccessMethod


    Regards,
    Kevin D.
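
The check described in the answer above, as an added example that is not part of the thread or of Broadcom's documentation: it parses `ssh2-enum-algos` output and reports, per category, which algorithms the target shares with the PAM side. The nmap output is constructed, the `PAM_SIDE` lists are placeholders, and the three category names (key exchange, encryption, MAC) are an assumption; take the real values from the linked prerequisites page.

```python
import re

# Constructed sample of ssh2-enum-algos output for an older target (not from the thread).
SAMPLE_NMAP_OUTPUT = """\
22/tcp open  ssh
| ssh2-enum-algos:
|   kex_algorithms: (2)
|       diffie-hellman-group1-sha1
|       diffie-hellman-group14-sha1
|   server_host_key_algorithms: (1)
|       ssh-rsa
|   encryption_algorithms: (2)
|       aes128-cbc
|       aes256-ctr
|   mac_algorithms: (2)
|       hmac-md5
|       hmac-sha1
|   compression_algorithms: (1)
|_      none
"""

# PLACEHOLDER values and assumed category names; use the list from the PAM 3.3 prerequisites page.
PAM_SIDE = {
    "kex_algorithms": {"diffie-hellman-group14-sha1", "ecdh-sha2-nistp256"},
    "encryption_algorithms": {"aes128-ctr", "aes256-ctr"},
    "mac_algorithms": {"hmac-sha2-256", "hmac-sha2-512"},
}
HEADER = re.compile(r"^(\w+_algorithms): \(\d+\)$")

def parse_enum_algos(text):
    """Return {category: [algorithm, ...]} from ssh2-enum-algos script output."""
    offered, current = {}, None
    for line in text.splitlines():
        if not line.startswith("|"):
            continue  # only script output lines carry the "|" or "|_" prefix
        item = line.lstrip("|_").strip()
        m = HEADER.match(item)
        if m:
            current = m.group(1)
            offered[current] = []
        elif current and item:
            offered[current].append(item)
    return offered

def shared_algorithms(offered, pam_side):
    """Map each required category to the algorithms both sides support (empty = no match)."""
    return {c: sorted(set(offered.get(c, [])) & allowed) for c, allowed in pam_side.items()}

print(shared_algorithms(parse_enum_algos(SAMPLE_NMAP_OUTPUT), PAM_SIDE))
```

With the placeholder lists, the sample target matches on key exchange and encryption but shares no MAC algorithm, so the empty `mac_algorithms` entry is the category to fix on that target.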