20 August,19 at 07:40 AM
Question:
How to allow remote root execution of commands without allowing remote login by root using Centrify-OpenSSH?
Answer:
In Centrify Infrastructure Services Release 19.6 Centrify-OpenSSH, we have added a feature to allow remote root execution of commands without allowing remote login by root. Where you can set PermitRootExec to "yes" to allow remote root execution of commands while PermitRootLogin is set to no. The default PermitRootExec is "no" and if PermitRootLogin is "yes", such option will be ignored.
1. Install Centrify Infrastructure Services Release 19.6 along with the Centrify-OpenSSH package
2. Edit Centrify-sshd config file at /etc/centrifydc/ssh/sshd_config with the following:
PermitRootLogin no
PermitRootExec yes
4. Restart Centrify-sshd service by running:
# service centrify-sshd restart
or
# systemctl status centrify-sshd.service
KB-6041: How to show current license type in use by adclient
KB-20210: Common Questions Regarding Centrify DirectControl and CoreOS
KB-7555: Unable to login as root after upgrade to Centrify Suite 2016 (CDC 5.3.0)
KB-6040: How to change the license type in use after adclient successful joined to the AD?
KB-6073: How to join the Linux/Unix Centrify Server to Active Directory with specific Computer Role?
KB-6056: How to report the group policy settings that are in effect for the local computer?
KB-6038: How to specify the license type to use when joining the server to AD using adjoin?
HOWTO: Control privileged execution of applications across UNIX, Linux and Windows with Centrify
Least-Privileged Access and the Centrify Restricted Shell