Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-0277: Using Public Key Authentication with Centrify OpenSSH

Authentication Service ,  

12 April,16 at 11:12 AM

Question:

How to enable Centrify OpenSSH to work with public key authentication?


Answer:

If you want to enable Centrify's distribution of OpenSSH to work with public key authentication between two Unix hosts, the following procedure will help you enable that capability:

1) Uncomment the following lines in /etc/centrifydc/ssh/sshd_config: #PubkeyAuthentication yes #AuthorizedKeysFile .ssh/authorized_keys

2) On the SSH client:

a) Make sure your .ssh directory permissions are 700: chmod 700 ~/.ssh
b) Generate the key: ssh-keygen -q -f ~/.ssh/id_rsa -t rsa [You can use a passphrase or not. If you use one (recommended), you'll be prompted for it whenever you ssh with the public key.]
c) You may want to lock down the file permissions at this point: $ chmod go-w ~/ $ chmod 700 ~/.ssh $ chmod go-rwx ~/.ssh/*
 
3) Then, copy the public portion of the key to the server you want to ssh to: scp ~/.ssh/id_rsa.pub your.servername.here: (note that the : at the end should be included in the syntax)

4) On the server:
a) change the directory permissions: $ chmod 700 ~/.ssh
b) put the keypair into the authorized_keys file: $ cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
c) change the file permissions of the authorized_keys file: $ chmod 600 ~/.ssh/authorized_keys
d) remove the old public key file: $ rm ~/id_rsa.pub ....This should allow you to do public key ssh. You will need to uncomment those lines in /etc/centrifydc/ssh/sshd_config for any machine you use as an ssh client for this purpose.


Note:
To test, if you opted to use a passphrase, when you ssh to the server, it should prompt you for the public key passphrase now.

Related Articles

 article[How to] Force Kerberos SSH Authentication, and Disable SSH Public Key Authentication articleKB-1883: Unable to receive a Kerberos ticket upon login when using public key method articleKB-20210: Common Questions Regarding Centrify DirectControl and CoreOS articleKB-6044: How to configure users for automatic Kerberos Credentials for infinite renewal even after users have logged out? articleKB-6041: How to show current license type in use by adclient articleKB-6040: How to change the license type in use after adclient successful joined to the AD? articleKB-6050: How to configure a group for automatic Kerberos Credentials for infinite renewal? articleKB-6073: How to join the Linux/Unix Centrify Server to Active Directory with specific Computer Role? article[HOWTO] Configure Squid Proxy for Kerberos Authentication Using Centrify's keytabs