20 August,19 at 07:40 AM
Question:
How to allow remote root execution of commands without allowing remote login by root using Centrify-OpenSSH?
Answer:
In Centrify Infrastructure Services Release 19.6 Centrify-OpenSSH, we have added a feature to allow remote root execution of commands without allowing remote login by root. Where you can set PermitRootExec to "yes" to allow remote root execution of commands while PermitRootLogin is set to no. The default PermitRootExec is "no" and if PermitRootLogin is "yes", such option will be ignored.
1. Install Centrify Infrastructure Services Release 19.6 along with the Centrify-OpenSSH package
2. Edit Centrify-sshd config file at /etc/centrifydc/ssh/sshd_config with the following:
PermitRootLogin no
PermitRootExec yes
4. Restart Centrify-sshd service by running:
# service centrify-sshd restart
or
# systemctl status centrify-sshd.service