Problem: While migrating from stock openssh to Centrify openssh, ssh logins fail after uninstalling stock openssh.
Cause: When removing stock openssh with the command yum remove openssh the package is uninstalled along with its dependencies. But the pam stack is also changed and the sshd file is removed.
ls /etc/pam.d can be executed to confirm the missing sshd file is the issue.
In /var/log/centrifydc.log the following error might be found as well.
Dec 30 10:25:57 machine001 adclient[71805]: INFO AUDIT_TRAIL|Centrify Suite|Centrify sshd|1.0|105|SSHD denied|5|user=dwirth(type:ad,dwirth@ocean.net) pid=73230 utc=1544557197956 centrifyEventID=27105 DASessID=N/A DAInst=N/A status=DENIED service=ssh-connection tty=(no tty) authMechanism=keyboard-interactive client=xxx.xxx.xxx.xxx reason=AUTH_FAIL_KBDINT(failed in keyboard interactive authentication.) MfaRequired=false EntityName=ocean.net\\machine001
Workaround: 1)Do not uninstall stock openssh, it is disabled after the installation of Centrify OpenSSH is complete.
2)Take a backup of the
/etc/pam.d/sshd before uninstalling stock openssh and restore it afterwards.