SSH connectivity issues with CyberArk SIA and VPN

Learn how to troubleshoot issues when using SSH over CyberArk Secure Identity Access (SIA), specifically in environments where you're connecting via VPN.

Problem

It's not possible to launch SSH connections while connected to a VPN and using CyberArk SIA for authentication. This issue occurs because the IP address used to perform the MFA challenge is different from the IP address used to launch the SSH session.

Solution

To resolve this issue, disable client IP enforcement for MFA caching in the CyberArk SIA settings. This allows the system to rely on other factors than the client IP for MFA session continuity.

  1. Log in to the CyberArk SIA Admin Portal.

  2. Navigate to SIA Settings Client IP enforcement for MFA caching

  3. Disable SSH.

Devolutions Forum logo Give us Feedback