Configuring the Solaris sshd (SSH daemon) cipher capabilities to match the CA PAM defaults.
Tested with CA PAM versions 4.2 and 4.3 and Sun Solaris 10 and 11.
Unable to connect to the remote SSH host: xxx.xxx.xxx.xxxclass java.io.IOException The socket is EOF
To let Solaris sshd accept the ciphers that CA PAM uses by default, you need to update the Solaris sshd configuration.
The samples below work for Solaris 10 and Solaris 11.
The default “ciphers” supported out of the box by Solaris 10 and 11 are:
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256
This list is not written out in the default sshd configuration file /etc/ssh/sshd_config.
To add the session ciphers that CA PAM requires (3des-cbc and blowfish-cbc), add a Ciphers line to /etc/ssh/sshd_config that contains the default ciphers plus the two CA PAM ciphers. The Ciphers setting applies to the whole daemon, so the added ciphers are offered to every SSH client, not only to CA PAM. The result will look like the following:
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,3des-cbc,blowfish-cbc
Once the ciphers are added, sshd needs to reload its configuration. As root, run the command:
svcadm restart ssh
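A check to run before or after the edit, as an added example that is not part of the original article: it reads an sshd_config, reports which of the two CA PAM ciphers are not yet offered, and prints the Ciphers line to set. The function names are hypothetical, and the script assumes at most one active Ciphers line and a POSIX shell and awk (for example bash or ksh, run against the live file or a copy of it).

```shell
#!/usr/bin/env bash
# Built-in Solaris 10/11 cipher list, as given in the article.
SOLARIS_DEFAULT="aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256"
# Session ciphers the article says CA PAM needs.
PAM_CIPHERS="3des-cbc blowfish-cbc"

# Print the cipher list in effect for config file $1: its first uncommented
# Ciphers line (the keyword is case-insensitive), else the built-in defaults.
effective_ciphers() {
    found=$(awk 'tolower($1) == "ciphers" { print $2; exit }' "$1")
    printf '%s\n' "${found:-$SOLARIS_DEFAULT}"
}

# Print the CA PAM ciphers missing from config file $1, space-separated.
missing_ciphers() {
    current=",$(effective_ciphers "$1"),"
    missing=""
    for c in $PAM_CIPHERS; do
        case "$current" in
            *",$c,"*) ;;                          # already offered
            *) missing="${missing:+$missing }$c" ;;
        esac
    done
    printf '%s\n' "$missing"
}

# Print the Ciphers line to place in sshd_config: current list plus missing.
merged_ciphers_line() {
    line=$(effective_ciphers "$1")
    for c in $(missing_ciphers "$1"); do
        line="$line,$c"
    done
    printf 'Ciphers %s\n' "$line"
}

# Demo: use the file given as $1, else a constructed sample without Ciphers.
cfg=${1:-}
if [ -z "$cfg" ]; then
    cfg=$(mktemp)
    printf '# constructed sample, not a real host config\nPort 22\n' > "$cfg"
fi
echo "missing: $(missing_ciphers "$cfg")"
merged_ciphers_line "$cfg"
```

An empty "missing:" line means the file already offers both ciphers and no edit or restart is needed.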
A simple CA PAM “Run SSH Command” process example to check the SSH command
Check and modify the
The process Properties Commands section
Remote Hostname: “<the remote Solaris hostname>”
Commands: “ls -la”
Save Output to Dataset Variable: select the checkbox
Command Output Dataset Variable Size Limit(bytes): 4096
User Command Prompt: “.*[$][]”
Time to Wait for Prompts(sec): 30
Remote Login Information section
Port: 22
User Name: “<Solaris User Name>”
User Private key for Login?: False
Password: “<Solaris user password>”
Private Key Input Source: Inline Content
Switch User Information section: keep the default settings
Execution Settings section: keep the default settings
The results can be checked in the CA PAM log folder and in the Sun Solaris Authlog.