Question:
How to enable Centrify OpenSSH to work with public key authentication?
Answer:
To enable Centrify's distribution of OpenSSH to work with public key authentication between two Unix hosts, follow this procedure:
1) Uncomment the following lines in /etc/centrifydc/ssh/sshd_config:
     #PubkeyAuthentication yes
     #AuthorizedKeysFile .ssh/authorized_keys
2) On the SSH client:
a) Make sure your .ssh directory permissions are 700: chmod 700 ~/.ssh
b) Generate the key:
     ssh-keygen -q -f ~/.ssh/id_rsa -t rsa
   [You can use a passphrase or not. If you use one (recommended), you'll be prompted for it whenever you ssh with the public key.]
c) You may want to lock down the file permissions at this point:
     $ chmod go-w ~/
     $ chmod 700 ~/.ssh
     $ chmod go-rwx ~/.ssh/*
3) Then, copy the public portion of the key to the server you want to ssh to:
     scp ~/.ssh/id_rsa.pub your.servername.here:
   (note that the : at the end should be included in the syntax)
4) On the server:
a) change the directory permissions: $ chmod 700 ~/.ssh
b) append the public key to the authorized_keys file: $ cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
c) change the file permissions of the authorized_keys file: $ chmod 600 ~/.ssh/authorized_keys
d) remove the old public key file: $ rm ~/id_rsa.pub
This should allow you to do public key ssh. You will need to uncomment those lines in /etc/centrifydc/ssh/sshd_config for any machine you use as an ssh client for this purpose.
Note:
To test: if you opted to use a passphrase, ssh to the server; it should now prompt you for the public key passphrase.
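If the server still falls back to a password prompt, the usual causes are a directive left commented out in step 1 or a permission from steps 2 and 4 that was not applied. The following audit script is an added example, not part of the original article or of Centrify's tooling; the function names audit_sshd_config, audit_key_perms and perm_bits are hypothetical, and it checks only the settings the steps above describe.

```shell
#!/bin/sh
# Added example: audit the settings from the procedure above.
# Usage (paths as given in the article):
#   audit_sshd_config /etc/centrifydc/ssh/sshd_config
#   audit_key_perms "$HOME"

# Print the nine permission characters of a path, e.g. rwx------
perm_bits() {
    ls -ld "$1" 2>/dev/null | cut -c2-10
}

# Step 1: both directives must be present and uncommented.
audit_sshd_config() {
    cfg=$1; rc=0
    grep -Eiq '^[[:space:]]*PubkeyAuthentication[[:space:]]+yes' "$cfg" \
        || { echo "FAIL: PubkeyAuthentication yes missing or commented out in $cfg"; rc=1; }
    grep -Eiq '^[[:space:]]*AuthorizedKeysFile[[:space:]]+[^[:space:]]' "$cfg" \
        || { echo "FAIL: AuthorizedKeysFile missing or commented out in $cfg"; rc=1; }
    return $rc
}

# Steps 2 and 4: home not group/other-writable, .ssh 700, authorized_keys 600.
audit_key_perms() {
    home=$1; rc=0
    case $(perm_bits "$home") in
        ????w????|???????w?)
            echo "FAIL: $home is group- or other-writable (fix: chmod go-w)"; rc=1 ;;
    esac
    [ "$(perm_bits "$home/.ssh")" = "rwx------" ] \
        || { echo "FAIL: $home/.ssh is not mode 700"; rc=1; }
    if [ -e "$home/.ssh/authorized_keys" ]; then
        [ "$(perm_bits "$home/.ssh/authorized_keys")" = "rw-------" ] \
            || { echo "FAIL: $home/.ssh/authorized_keys is not mode 600"; rc=1; }
    fi
    # Step 4d: the copied public key should not be left in the home directory.
    [ ! -e "$home/id_rsa.pub" ] \
        || echo "WARN: $home/id_rsa.pub still present (step 4d)"
    return $rc
}
```

Run audit_key_perms on both the client and the server account; each function returns non-zero if any check fails, so the script can gate a provisioning job.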