<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
SSH to Target Server Fails With Error "security policies do not yet support servers with bastions"
Mar 10, 2026
Privileged Access
Okta Identity Engine
Overview

This article describes an error that occurs in Okta Privileged Access(OPA) when executing a sft ssh command.

C:\Users\Administrator>sft ssh Target_server
Waiting on browser...
Browser step completed successfully.
dial: SSH client setup: resolving hosts: connection info: security policies do not yet support servers with bastions or issuing credentials for more than one target at a time

Connection to Target_server closed.
exit status 255

 

The following error message is displayed:

 

security policies do not yet support servers with bastions or issuing credentials for more than one target at a time

 

Applies To
  • Okta Privileged Access (OPA)
  • ScaleFT (SFT)
  • Okta Identity Engine (OIE)
Cause

The issue occurs because OPA does not currently support the Bastion option.

Solution

To resolve this issue, remove or comment out any Bastion options from the server configuration file.

  1. Open the /etc/sft/sftd.yaml file on the SSH server.
  2. Locate any lines containing Bastion options.
  3. Delete or comment out these lines to disable the feature.
  4. Save and close the file.
  5. Restart sftd service using:  
    systemctl restart sftd

Recommended content

Still looking for help?
Loading
SSH to Target Server Fails With Error "security policies do not yet support servers with bastions"