ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Cannot use OpenSSH client ssh.exe on Windows in a TCP/UDP service

book

Article ID: 226747

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

We configured a connection using OpenSSH as TCP/UDP Service but PAM can't run the application and insert credentials.

If I open the application using cmd, PAM injects credentials. but PAM can't start the application using the same behavior as Putty.

Cause

C:\Windows\system32\OpenSSH\ssh.exe is a 64-bit executable and cannot be launched by the PAM client, which is a 32-bit Java application. It also is not a graphical client and needs to run in a CMD window. The arguments in the above screenshot are not quite right either, it should be <User>@<Local IP>.

Environment

Release : 3.4

Component :

Resolution

The ssh.exe application is not a standalone SSH client and has to be run from a command line. And since the PAM client is a 32-bit application, it can only launch the 32-bit version successfully. An example of calling a bat file that runs the 32-bit ssh.exe executable is provided below. However, our recommendation is to use the built-in SSH access method, or a graphical SSH client such as PuTTY.

One way to use this client would be as follows:

1) Install the 32-bit executable and required library (libcrypto.dll). The 32-bit versions of ssh.exe and libcrypto.dll are e.g. found at https://github.com/PowerShell/Win32-OpenSSH/releases. In our case we copied these two files to C:\Windows\SysWOW64\OpenSSH.

2) Create a bat file, in our case named "launchssh.bat", with the following contents:

start cmd /c C:\Windows\SysWOW64\OpenSSH\ssh.exe %1

3) Define the TCP/UCP service with an Client Application string that calls the bat file:

C:\tools\launchssh.bat <User>@<Local IP>