Symantec Privileged Access Management

 View Only
Expand all | Collapse all

PAM 3.3. Connection time for SSH sessions was increased to 80 seconds

  • 1.  PAM 3.3. Connection time for SSH sessions was increased to 80 seconds

    Posted Oct 31, 2019 10:27 AM
    Hello Community

    After updating from version 3.2.4 to 3.3, an alarming increase is presented to achieve the SSH connection. In version 3.2.4 the time from when the user launched the SSH session until he entered the EndPoint was between 10 and 15 seconds, after updating to version 3.3 this time is between 80 and 90 seconds.

    Any known reason for this failure?

    ------------------------------
    Julian Riaño
    MSL
    ------------------------------


  • 2.  RE: PAM 3.3. Connection time for SSH sessions was increased to 80 seconds
    Best Answer

    Broadcom Employee
    Posted Nov 05, 2019 12:48 AM
    If you are seeing slow connection to the Unix Target Server, I would download the SPFD log and find the matching IP address of the target server and filter the ThreadID to see what is going on. 


    I tried testing to see if I see any delay and I do see there is significant delay when connecting to RHEL 7 server from PAM.

    In my case I was connecting to 192.168.0.22
    It took almost a minute to connect.

    Most common delay can come from SocketFilterAgent port 8550 not opened or blocked.
    And other delays can come from Session Recording where session recording need to verify the mount is available for writing.

    But the delay do seem excessive.
    I tested on PAM 3.2.6 and there was no delay.

    I do not find any known issue right now but it does look odd as I did not experience this delay when I first tested PAM 3.3.0 initially but I see this today.
    At this point, I would recommend that you raise a support ticket to investigate this further.

    ------------------------------
    Support Engineer 5
    Broadcom
    ------------------------------