The Engine is Configured Properly But a Connection to the Target Cannot Be Established

This section requires root access to the target server and assumes the target server has a recent version of OpenSSH/OpenSSL installed, configured correctly and running successfully.

  1. OpenSSH information:

    • PRA supports versions from OpenSSH_7.4p1 with OpenSSL 1.0.2k-fips up to OpenSSH_8.x with OpenSSL 1.1.1k.

    • The newest version of OpenSSH is 9.x. This version may function but is not yet fully supported.

    • Older versions may still function but are not supported.

       

2. Verify the configuration on the target server:

  • SSH into the Linux target server.

    ssh user@targetServer [-i /path/to/private_key]
  • Use sudo to become root.

    • Some Linux distributions require superuser privileges to run the following commands.

  • Run the following command to verify SSH is installed and is a supported version:

    ssh -V
  • Run the following command to verify SSHD is running and listening for incoming connection requests:

    netstat -plnt
  • Look for sshd in the output of the above command in the column titled PID/Program name.

  • Check the Local Address column for sshd and verify it is listening on port 22, e.g. 0.0.0.0:22.

Accessing Logs on the Engine Server

The following commands display the server's login logs on the user's screen, updating in real time. Press Ctrl+C (hold down the Control key, then type the letter c) to exit the command on any operating system.

  • Debian/Ubuntu

    tail -f /var/log/auth.log
  • RHEL/Red Hat 7 & 8/Amazon

    tail -f /var/log/secure
  1. Check if the user's request is getting to the target server.

    • Run the command above

    • From the web UI select the secret for the target server you are logged into.

    • From the SSH shell check the logs:

      • Is the request showing up in the logs? If not, check that the "Machine" data in the secret is correct.

  2. Check if the user's request is being rejected:

    • Run the command above

    • From the web UI select the secret for the target server you are logged into.

    • From the SSH shell check the logs:

    • Does the log entry contain an error, e.g. "Invalid user", "Incorrect password" or "Invalid public key"? If so, check the secret data and confirm that the password, private/public key or key passphrase is correct.
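
The two log checks above can be done in one pass with the sketch below, an added example that is not part of the original documentation or of the product. The function name, the sample log lines, the 198.51.100.x addresses and the svc_pra account are constructed for illustration. It assumes sshd's usual message wording ("Invalid user", "Failed password", "Failed publickey", "Accepted"), which differs from the paraphrased errors quoted above.

```shell
#!/bin/sh
# Added example: classify the newest sshd log entry from the engine's address.
# Usage: triage_sshd_log ENGINE_IP < /var/log/auth.log   (or /var/log/secure)
# Verdict -> action from the steps above:
#   no-request                        -> check the "Machine" data in the secret
#   invalid-user/bad-password/bad-key -> check the secret's credentials
triage_sshd_log() (
    ip="$1"
    # Keep sshd lines that mention the exact address, then take the newest one.
    line=$(grep -F 'sshd[' | grep -F -- " $ip " | tail -n 1)
    if [ -z "$line" ]; then
        echo "no-request"
        exit 0
    fi
    case "$line" in
        *"Accepted "*)       echo "accepted" ;;
        # "Failed password for invalid user ..." must count as invalid-user,
        # so this pattern is tested before the password pattern.
        *"nvalid user "*)    echo "invalid-user" ;;
        *"Failed password "*) echo "bad-password" ;;
        # sshd may log key failures only at LogLevel VERBOSE.
        *"Failed publickey "*) echo "bad-key" ;;
        *)                   echo "other" ;;
    esac
)

# Constructed sample log lines (not captured from a real system).
SAMPLE_LOG='Mar  3 10:15:01 target sshd[2101]: Accepted publickey for svc_pra from 198.51.100.10 port 50122 ssh2: RSA SHA256:CONSTRUCTED
Mar  3 10:16:40 target sshd[2140]: Invalid user svc_pr from 198.51.100.11 port 50210
Mar  3 10:16:42 target sshd[2140]: Failed password for invalid user svc_pr from 198.51.100.11 port 50210 ssh2
Mar  3 10:17:05 target sshd[2177]: Failed password for svc_pra from 198.51.100.12 port 50301 ssh2
Mar  3 10:18:12 target sshd[2190]: Failed publickey for svc_pra from 198.51.100.13 port 50377 ssh2: RSA SHA256:CONSTRUCTED
Mar  3 10:18:30 target CRON[2201]: pam_unix(cron:session): session opened for user root'

# Demonstration over the sample; 198.51.100.99 never appears in the log.
for ip in 198.51.100.10 198.51.100.11 198.51.100.12 198.51.100.13 198.51.100.99; do
    printf '%s -> %s\n' "$ip" "$(printf '%s\n' "$SAMPLE_LOG" | triage_sshd_log "$ip")"
done
```

The address is matched with surrounding spaces so that 198.51.100.1 does not match 198.51.100.10.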