PIV\CAC Login through SSH. server refused public-key signature despite accepting key!

book

Article ID: 197468

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM) CA Privileged Access Manager - Cloakware Password Authority (PA) PAM SAFENET LUNA HSM CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

PIV\CAC cards via CA PAM through SSH returns "server refused public-key signature despite accepting key!".

Environment

Release : 3.3

Component : PRIVILEGED ACCESS MANAGEMENT

Resolution

PAM does not support PIV passthrough via SSH. "server refused public-key signature despite accepting key!" is the message returned when you try to connect through SSH and PIV.

Windows target device only is supported.

https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-privileged-access-management/privileged-access-manager/3-4-1/integrating/configure-kerberos-piv-cac-authentication-for-windows-targets.html#concept.dita_5e9c4be2369f295ada4712f6ff6dad4c2ec28251_PrerequisitesforUsingKerberosPIVCAC