KB-0277: Using Public Key Authentication with Centrify OpenSSH

Centrify DirectControl

12 April,16 at 11:12 AM

Applies to:
Centrify Enabled OpenSSH 3.x, all supported operating systems

Issue:
Enabling Centrify OpenSSH to work with public key authentication.

Solution:
If you want to enable Centrify's distribution of OpenSSH to work with public key authentication between two Unix hosts, the following procedure will help you enable that capability:

1) Uncomment the following lines in /etc/centrifydc/ssh/sshd_config:
   #PubkeyAuthentication yes
   #AuthorizedKeysFile .ssh/authorized_keys

2) On the SSH client:
a) Make sure your .ssh directory permissions are 700:
   chmod 700 ~/.ssh
b) Generate the key:
   ssh-keygen -q -f ~/.ssh/id_rsa -t rsa
   [You can use a passphrase or not. If you use one (recommended), you'll be prompted for it whenever you ssh with the public key.]
c) You may want to lock down the file permissions at this point:
   $ chmod go-w ~/
   $ chmod 700 ~/.ssh
   $ chmod go-rwx ~/.ssh/*
 
3) Then, copy the public portion of the key to the server you want to ssh to:
   scp ~/.ssh/id_rsa.pub your.servername.here:
   (note that the : at the end should be included in the syntax)

4) On the server:
a) change the directory permissions:
   $ chmod 700 ~/.ssh
b) put the public key into the authorized_keys file:
   $ cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
c) change the file permissions of the authorized_keys file:
   $ chmod 600 ~/.ssh/authorized_keys
d) remove the old public key file:
   $ rm ~/id_rsa.pub

This should allow you to do public key ssh. You will need to uncomment those lines in /etc/centrifydc/ssh/sshd_config for any machine you use as an ssh client for this purpose.

Note: To test, ssh to the server. If you opted to use a passphrase, you should now be prompted for the public key passphrase.
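
If the login still falls back to a password, the settings from steps 1, 2 and 4 can be checked with a script like the one below. It is an added example, not part of Centrify's article or product; the function names perm_of, conf_has and check_pubkey_setup are hypothetical, and it assumes the modes and the two sshd_config lines given in the steps above.

```shell
#!/bin/sh
# Added example (not Centrify code): audit the state the steps above produce.

# Octal permission bits of a path (GNU stat first, then BSD stat).
perm_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Succeeds if the pattern matches an uncommented line of the config file.
conf_has() {
    grep -Eiq "^[[:space:]]*$2" "$1"
}

# check_pubkey_setup HOME_DIR SSHD_CONFIG
# Prints one FAIL line per problem; returns 0 only if every check passes.
check_pubkey_setup() {
    home=$1 conf=$2 rc=0

    # Step 1: both directives must be present and uncommented.
    conf_has "$conf" 'PubkeyAuthentication[[:space:]]+yes' ||
        { echo "FAIL: PubkeyAuthentication yes is not uncommented in $conf"; rc=1; }
    conf_has "$conf" 'AuthorizedKeysFile[[:space:]]+[^[:space:]]' ||
        { echo "FAIL: AuthorizedKeysFile is not uncommented in $conf"; rc=1; }

    # Step 2c: home directory must not be group- or world-writable.
    p=$(perm_of "$home") || p=""
    [ -n "$p" ] && [ $(( 0$p & 022 )) -eq 0 ] ||
        { echo "FAIL: $home is mode ${p:-missing}, expected go-w"; rc=1; }

    # Steps 2a/4a and 4c: exact modes on .ssh and authorized_keys.
    for spec in ".ssh:700" ".ssh/authorized_keys:600"; do
        path=$home/${spec%%:*}; want=${spec##*:}
        p=$(perm_of "$path") || p=""
        [ "$p" = "$want" ] ||
            { echo "FAIL: $path is mode ${p:-missing}, expected $want"; rc=1; }
    done
    return $rc
}
```

Call it as check_pubkey_setup "$HOME" /etc/centrifydc/ssh/sshd_config; no output and exit status 0 mean every check passed.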
