Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-8047: sshd_config option 'Match Host' stops working after upgrading to Centrify Suite 2016.1

Centrify DirectControl ,  

30 December,16 at 09:58 PM

Applies to:
Centrify enabled OpenSSH packaged in Suite 2016.1 and up on all platforms.

Problem:
Configured 'Match Host' in Centrify enabled OpenSSH.  This option was working fine until upgraded to Centrify Suite 2016.1

Cause:
The Centrify enabled OpenSSH packaged in Suite 2016.1 is built base on Stock OpenSSH 7.2 while the previous version was based on Stock OpenSSH 6.7.

Starting from version 6.8, Stock OpenSSH has changed default value of option 'UseDNS' from yes to no, and this is the reason why 'Match Host' option using host name will not get resolved.


Resolution:
Modify sshd_config file:

for Centrify enabled OpenSSH
/etc/centrifydc/ssh/sshd_config

 for Stock OpenSSH
/etc/ssh/sshd_config 

change
#UseDNS no
to
UseDNS yes

restart sshd daemon then 'Match Host' configuration will start working again


 

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.