Your customer upgraded recently to version 12.2 to allow the Linux team to use the new MFA caching feature. The PSM for SSH was installed with default configuration settings. After setting the Authentication to SSH key and enabling MFA Caching from the PVWA interface, the Linux Team cannot connect successfully using the new MFA caching feature.
What is the most probable cause?
To use MFA caching in Integrated mode (where InstallCyberArkSSHD=Integrated), OpenSSH 7.8 or above is required on the PSM for SSH machine. Given that the PSM for SSH was installed with default configuration settings, and if OpenSSH 7.8 or above is not installed, this would prevent the Linux Team from successfully using the new MFA caching feature. The most probable cause for the issue is therefore the absence of OpenSSH 7.8 or above.
Sorry. Option A is correct. Because the question say PSM for SSH is installed with default configuration, so staring from version 12.0, the default installation mode of PSM for SSH is set to Integrated (InstallCyberArkSSHD = Integrated). To use MFA caching in Integrated mode ( InstallCyberArkSSHD=Integrated), OpenSSH 7.8 and above is required on the PSM for SSH machine. https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/12.2/en/Content/PASIMP/MFA-Caching.htm?searchString=&from=0&sortby=_score&orderBy=desc&pageNo=1&aggregations=%5B%5D&uid=0d99d231-d8b2-11ea-8f5c-0242ac120009&resultsPerPage=10&exactPhrase=&withOneOrMore=&withoutTheWords=&pageSize=10&language=en&state=1&suCaseCreate=false#:~:text=To%20use%20MFA%20caching%20in%20Integrated%20mode%20(%20InstallCyberArkSSHD%3DIntegrated)%2C%20OpenSSH%207.8%20and%20above%20is%20required%20on%20the%20PSM%20for%20SSH%20machine.
B. The MFACaching parameter in the psmpparms file is not set to True. INVALID. Because that parameter doesn't exist. C. A passphrase policy must be added. INVALID Because passphrase policy is needed if you enable passphrase to greater security. But you can use MFACaching without passphrase. D. MFA caching is not supported when the PSM for SSH is deployed with default settings. INVALID. Because the question say MFACaching was enabled.
The answer is A. https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/12.6/en/Content/PAS%20Cloud/ChangeServerKeys-cloud.htm?tocpath=Installation%7CInstall%20Privileged%20Access%20Manager%20-%20Self-Hosted%C2%A0in%20a%20cloud%20environment%7CInstall%20the%20Digital%20Vault%20on%20the%20cloud%7C_____14
This one is also a bit tricky in the sense that the default settings have MFA Caching disabled which would make either B. or D. correct however it specifically states that it was enabled via the PVWA and there is no MFACaching parameter in psmparms so that leaves the prerequisite for OpenSSH 7.8+ as the only reasonable cause. https://docs.cyberark.com/PAS/Latest/en/Content/PASIMP/MFA-Caching.htm#:~:text=OpenSSH%207.8%20and%20above%20is%20required%20on%20the%20PSM%20for%20SSH%20machine
https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/13.0/en/Content/PASIMP/MFA-Caching.htm#Addapassphrasepolicy