Unable to connect to target server via SSH using a passphrase protected key based authentication (4340572)

1. Using an SSH Agent to hold the private keys for user authentications on the initiating machine:

- Enable agent forwarding in SPS from the Authentication Policy: Expand SSH Control -> Authentication policies -> [policy name] -> Relayed authentication methods -> Public key -> Agent.

- Enable SSH Agent forwarding for inbound connections: (AllowAgentForwarding option in sshd_config) on the destination server side and other target servers.

- Verify SSH Agent forwarding is not blocked for the client (ForwardAgent option in ~/.ssh/config or /etc/ssh/ssh_config)

- Run an SSH agent on the client side and add the private keys to it:

For Windows using PuTTy as a client: Please download Pageant.exe which can be used as the SSH Agent to hold the private keys, see this link for an example.

For *nix machines: You can run the commands ssh-agent and ssh-add, see this link for an example.

- This would allow the user to login with his own private key via SPS using Agent Forwarding to target machines which has the public key added to ~/.ssh/authorized_keys file.

Note: you would need to use the -A switch when connecting from a *nix machine using command line, for example: ssh -A user@ip.address -p

2. Use a fixed static private key for the server side authentication:

- Storing a single private key in SPS under the following:

- Expand SSH Control -> Authentication policies -> [policy name] -> Relayed authentication methods -> Public key -> Fix

3. You may use a Credential Store: Local credential stores can be created at Policies -> Credential stores

- This requires gateway authentication to SPS first and then it would be an auto login using credential store.

- The Connection Policy will ignore the settings for server-side authentication (set under Relayed authentication methods) if a Credential Store is used in the Connection Policy.