DirectSecure, Authentication Service, Mac & PC Management Service, Auditing and Monitoring Service
OpenSSH 7.0 and above has DSA keys disabled by default for security reasons. It is recommended to use RSA keys only now but if DSA keys are still needed, this article describes how to re-enable them.
Applies to: Any version of Centrify OpenSSH based on openssh 7.0 and higher
How to: OpenSSH 7.0 now has DSA keys disabled by default due to security risks as reported by openssh. Release notes on this can be found here for more information. If DSA keys are still required when using the newer versions of openssh, there is a way to re-enable their use, however, It is recommended to change to using only RSA keys as soon as possible.
Process: To re-enable DSA keys, please edit the following file:
and scroll to the bottom. Please enter the following line into the bottom of the file:
NOTE: Please make sure both client side and server side has the configuration above. While on client side, please add the following entry into /etc/centrifydc/ssh/ssh_config:
You can then save and close the file and Centrify openssh should begin working normally using DSA keys again.