PKI Authentication for SSH Stopped Working after SSH Decryption was Enabled

Created On 09/25/18 19:43 PM - Last Modified 06/14/23 07:25 AM


Resolution


Symptoms

After enabling SSH decryption, authenticating to hosts with a certificate no longer works. Authentication still works with a manual password.

Issue

Once you enable SSH decryption on the firewall, the SSH client no longer authenticates with the public key previously used to gain access to devices. The SSH client can still log in to the devices with a user name and password, but public key (passwordless) authentication fails.

Workaround

Configure your ssh decryption policy to exclude the systems that require public key authentication.

Edit the SSH decryption policy, go to the Destination tab, add the IP addresses to be excluded under 'Destination Address', then check the Negate box.
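To build the exclusion list for that rule, it helps to know exactly which hosts accept public key authentication from a client whose traffic crosses the firewall. The script below is an added example written for this article (it is not Palo Alto Networks code and does not touch the firewall): it runs the stock OpenSSH client non-interactively against each host with password authentication disabled, so a host only passes if public key authentication completes, and prints the hosts that fail as candidates for the negated 'Destination Address' list. Run it once before and once after enabling the SSH decryption policy; hosts that pass before and fail after are the ones the policy needs to exclude. The `SSH_CMD` override exists only so the check can be exercised without a live host.

```shell
#!/bin/sh
# pubkey-check.sh: report hosts where SSH public key authentication fails.
# Added example for this article; assumes the stock OpenSSH client (ssh) and
# that the current user's key is already loaded (agent or ~/.ssh/id_*).
# SSH_CMD can be overridden for testing; it defaults to the real client.
SSH_CMD="${SSH_CMD:-ssh}"

# Returns 0 if public key authentication to $1 succeeds, 1 otherwise.
# BatchMode=yes prevents any password or passphrase prompt, and
# PasswordAuthentication=no makes sure a password fallback cannot mask
# a public key failure.
pubkey_auth_ok() {
    host="$1"
    "$SSH_CMD" -o BatchMode=yes \
        -o PreferredAuthentications=publickey \
        -o PasswordAuthentication=no \
        -o ConnectTimeout=5 \
        "$host" true >/dev/null 2>&1
}

# Reads host names or IP addresses from stdin (one per line, blanks
# ignored) and prints the ones where public key authentication fails.
# Those are the destinations to add to the negated Destination Address
# list of the SSH decryption rule.
hosts_needing_exclusion() {
    while read -r h; do
        [ -z "$h" ] && continue
        if ! pubkey_auth_ok "$h"; then
            printf '%s\n' "$h"
        fi
    done
}

# Usage (from a client behind the firewall), with hosts.txt holding
# one address per line:
#   sh pubkey-check.sh < hosts.txt
# When sourced as a library, call hosts_needing_exclusion directly.
```

The exit status of `ssh ... true` is the only signal used: a successful key-based login runs `true` and exits 0, while a key rejection, an unreachable host or an unknown host key under BatchMode all exit non-zero. Keep the pre- and post-policy output side by side so that hosts that were already unreachable for unrelated reasons are not mistaken for decryption casualties.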

[Screenshot: dcrypt.jpg]

owner: jteetsel


