Okta Identity Engine | Advanced Server Access | Answered | 2022-12-14T19:03:38.000Z | 2022-12-04T03:47:22.000Z
Not able to access non-ASA enrolled server through ASA enrolled bastion

I have a setup where the bastion is enrolled into Okta ASA, and I am able to access this bastion host using Okta ASA.

My use case is to access a different server (which is not enrolled into Okta ASA and ssh works using username/password) through the above bastion host.

When I try that I always get the following error.

The setup is like: Client -------> GCP Bastion Host (ASA Enrolled) --------> GCP VM (dev-oregon)

 

    user@WDTQ7XTJGR ~ % ssh dev-oregon
    channel 0: open failed: administratively prohibited: open failed
    stdio forwarding failed
    kex_exchange_identification: Connection closed by remote host
    Connection closed by UNKNOWN port 65535
    user@WDTQ7XTJGR ~ %

My ssh config:

    Host dev-oregon
      ProxyCommand ssh <Bastion Host> -W %h:%p
      IdentitiesOnly yes
      User dev


  • Mihai N. (Okta, Inc.)

    Hi @User16699974740681484987 (Customer), thank you for reaching out to the Okta Community!

    I ran this scenario by my ASA colleagues and they mentioned that the target server would have to also be enrolled.

    If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you.

    Hope my answer helps!

    Selected as Best
This question is closed.