Hi Sanjeev,
This can work with application protocol Disabled, in which case PAM just routes the connection w/o interfering with it. If you need to use the SSH protocol, to be able to record the sessions, then it won't work, because in that case it is an SSH proxy on the PAM appliance that makes the SSH connection to the target device, and that proxy again doesn't have an SSH agent component.
Original Message:
Sent: 02-26-2020 10:50 AM
From: Sanjeev Dewangan
Subject: SSH Agent Forwarding
Hi Ralf,
Thanks for the update.
How about using PuTTY as a TCP service for this use case?
Thanks,
Original Message:
Sent: 02-26-2020 09:53 AM
From: Ralf Prigl
Subject: SSH Agent Forwarding
Hi Sanjeev,
The PAM SSH client does not include an SSH agent component and therefore cannot support what you are looking for. You can raise an idea on the ideation page. Keep in mind that in general PAM is more about restricting leapfrogging rather than facilitating it.
Original Message:
Sent: 02-25-2020 08:20 AM
From: Sanjeev Dewangan
Subject: SSH Agent Forwarding
It seems SSH agent forwarding is not supported by default. We would want to connect to a remote Linux server via CAPAM SSH session and then, from there, connect to other hosts using SSH agent forwarding (SSH -A).
Is there a way to configure CAPAM to support SSH Agent forwarding for ssh access via public/private key pair?
Thanks,