Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-7050: How to Re-enable DSA keys when using OpenSSH 7.0 and above

Auditing and Monitoring Service ,   Authentication Service ,   DirectSecure ,   Mac & PC Management Service ,  

19 September,19 at 02:22 PM

Applies to: Any version of Centrify OpenSSH based on openssh 7.0 and higher

How to:
OpenSSH 7.0 now has DSA keys disabled by default due to security risks as reported by openssh. Release notes on this can be found here for more information. If DSA keys are still required when using the newer versions of openssh, there is a way to re-enable their use, however, It is recommended to change to using only RSA keys as soon as possible.

To re-enable DSA keys, please edit the following file:


(For stock openssh: /etc/ssh/sshd_config)

and scroll to the bottom. Please enter the following line into the bottom of the file:


NOTE: Please make sure both client side and server side has the configuration above. While on client side, please add the following entry into /etc/centrifydc/ssh/ssh_config:


You can then save and close the file and Centrify openssh should begin working normally using DSA keys again.


Related Articles

No related Articles