Configuring the Solaris "sshd / ssh daemon" cipher capabilities to match the CA PAM "SSH Command Operator".

Article ID: 44887

Updated On:

Products

CA Process Automation Base

Issue/Introduction

Configuring the Solaris "sshd / ssh daemon" cipher capabilities to match the CA PAM defaults.

Environment

Tested with the versions of CA PAM (4.2 and 4.3) and Sun Solaris (10 and 11)

Cause

Unable to connect to the remote SSH host: xxx.xxx.xxx.xxxclass java.io.IOException The socket is EOF

Resolution

To enable the Solaris sshd to accept the ciphers that CA PAM uses by default, update the Solaris sshd configuration.

The samples below work on Solaris 10 and Solaris 11.

The default “ciphers” supported out of the box by Solaris 10 and 11 are:

Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256

This Ciphers line is not part of the default sshd configuration file /etc/ssh/sshd_config.

To add the session ciphers that CA PAM requires (3des-cbc and blowfish-cbc), add a Ciphers line to the file /etc/ssh/sshd_config. The result contains the default ciphers plus the CA PAM ciphers:

Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,3des-cbc,blowfish-cbc

Once the ciphers are added, sshd needs to reload its configuration. As root, run:

svcadm restart ssh
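
The edit described above, as an added shell example (not part of the original article or of CA PAM): it merges 3des-cbc and blowfish-cbc into the Ciphers line of an sshd_config-style file without duplicating entries, and falls back to the Solaris defaults listed above when the file has no Ciphers line. The function names are hypothetical, and it assumes a POSIX shell and awk (on Solaris 10, ksh and nawk).

```shell
#!/bin/sh
# Added example: merge the CA PAM ciphers into an sshd_config-style file.
# Cipher names come from the article; function names are hypothetical.
AWK=${AWK:-awk}   # needs POSIX awk; on Solaris 10 set AWK=nawk
SOLARIS_DEFAULTS="aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256"
PAM_CIPHERS="3des-cbc blowfish-cbc"

# Print the list from the first active Ciphers line (sshd uses the first
# value it reads), or the Solaris defaults when the file has none.
current_ciphers() {
    list=$($AWK 'tolower($1) == "ciphers" { $1 = ""; gsub(/[ \t]/, ""); print; exit }' "$1")
    echo "${list:-$SOLARIS_DEFAULTS}"
}

# Print the current list with any missing CA PAM cipher appended once.
merged_ciphers() {
    list=$(current_ciphers "$1")
    for c in $PAM_CIPHERS; do
        case ",$list," in
            *",$c,"*) ;;                    # already offered
            *) list="$list,$c" ;;
        esac
    done
    echo "$list"
}

# Rewrite FILE with a single Ciphers line at the top (ahead of any Match
# block), keeping FILE.bak. Prints "unchanged" or "updated".
apply_ciphers() {
    want=$(merged_ciphers "$1")
    if [ "$(current_ciphers "$1")" = "$want" ]; then
        echo unchanged; return 0
    fi
    cp -p "$1" "$1.bak" || return 1
    { echo "Ciphers $want"; $AWK 'tolower($1) != "ciphers"' "$1.bak"; } > "$1"
    echo updated
}

# Demo on a constructed file, not a real sshd_config.
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' '# constructed sample' 'Port 22' '#Ciphers aes128-ctr' > "$tmp"
    apply_ciphers "$tmp"; apply_ciphers "$tmp"; cat "$tmp"
    rm -f "$tmp" "$tmp.bak"
}
demo
```

To apply it to a host, run `apply_ciphers /etc/ssh/sshd_config` as root and then restart sshd with the svcadm command shown above. 3des-cbc and blowfish-cbc are legacy 64-bit block ciphers, so limit this change to hosts that CA PAM has to reach.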

CA PAM “Run SSH Command” simple process example to check the SSH command

Check and modify the

The process Properties Commands section

Remote Hostname: "<the remote Solaris hostname>"

Commands: "ls -la"

Save Output to Dataset Variable: select the checkbox

Command Output Dataset Variable Size Limit(bytes): 4096

User Command Prompt: “.*[$][]”

Time to Wait for Prompts(sec): 30

Remote Login Information section

Port: 22

User Name: "<Solaris User Name>"

User Private key for Login?: False

Password: "<Solaris user password>"

Private Key Input Source: Inline Content

Switch User Information section: keep the default settings

Execution Settings section: keep the default settings

Additional Information

The results can be checked in the CA PAM log folder and in the Sun Solaris authlog.