We configured a TCP/UDP service launching an Attachmate Extra client to connect to an AIX server via SSH. The Client Application string is "extra <config file>", where <config file> points to a configuration file that instructs the Extra client to connect to the local IP and local port configured in the TCP/UDP service in PAM via SSH. We know this works, because the connection is successful when we choose application protocol Disabled in the TCP/UDP service. But that setting does not allow us to record the session. When we set the application protocol to SSH, the connection does not work.
The SSH proxy log on the PAM server rejected the connection from the SSH client, because the client did not provide a properly terminated version string. It turned out that an old Extra client version with a correspondingly old SSH 1 client was used.
Release : 3.4
Component : PRIVILEGED ACCESS MANAGEMENT
Upgrading the Extra client to a recent version resolved the problem