Logging in to Linux with Use My Account

You can log in to an enrolled Linux system with the same account that you use when you log in to the Admin Portal, and you can do this either from the Admin Portal or by using a native application that uses SSH, SCP, or SFTP.

In particular, you can do this in either of the following scenarios:

  • The system has the cloud client installed and the system is enrolled in the platform.
  • The system has the Server Suite agent installed, the system is joined to Active Directory, and there is a connector installed in the domain.

You can log in to an enrolled Linux system without having to first log in to the Admin Portal by using a vaulted account, manual login, or Use My Account (UMA). For details on logging in with a vaulted or manual account, see Accessing remote systems.

Prerequisites for logging in to Linux systems with Use My Account

Before you can use this feature, you need the following:

To summarize, depending on your deployment scenario for a Linux system, here's what you'll need:

| Requirements | Cloud client (target system is enrolled in the platform) | Server Suite agent (target system is joined to Active Directory) |
| --- | --- | --- |
| Permissions | user account in Admin Portal with AgentAuth permission | Active Directory user account |
| System settings | Target system needs to have Use My Account enabled | Target system needs to have Use My Account enabled |
| Settings > Authentication > Signing Certificates | a valid signing certificate | a valid signing certificate |

If the system is using both the cloud client (enrolled in the platform) and the Server Suite agent, your user account must have AgentAuth permission.

Accounts and hostnames needed for logging in to Linux systems with Use My Account

Here are the accounts and hostnames that you'll need for this procedure:

  • Connector hostname or IP address
  • A valid user account:
    • If the system is enrolled in the platform using the cloud client, you can use your user name in the Admin Portal, with tenant suffix. For example, joe.user@acme.com.
    • If the system is joined with Active Directory with the Server Suite agent, you can use your Active Directory user account.
  • The target system's hostname (this is the system that you want to log in to)
  • The "me" account. This is a local account that the service creates automatically but it's normally hidden from view.

Note: If you have already configured a local Linux account named "me", you can contact Centrify Technical Support to configure this feature to use a different name for this special, local account.

Connection string combinations for logging in to Linux systems with Use My Account

When specifying which systems to connect to using which accounts, you can use a few different combinations, depending on what you want to do.

In general, here's the format for the connection string:

me@targetsystem@user@domainsuffix@connectorsystem

  • targetsystem: You can specify a hostname or IP address for this Linux system. For example, target-redhat.acme.com or 172.20.20.250. If specifying a hostname, be sure to use the fully qualified domain name (FQDN).
  • user@domainsuffix: This is either your Admin Portal user account or your Active Directory user account, depending on your deployment scenario. For example, joe.user@acme.com.
  • connectorsystem: You specify the Windows system where the cloud connector is installed. For example, connector-win.acme.com.

A connection string doesn't have to contain all these parts. The service will prompt you for anything that is needed that you don't specify in a connection string (such as a password or additional authentication controls).
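
The following is an added example, not code from the product or its documentation: a small parser that splits a connection string into its fields and enforces the FQDN-or-IP rule for the target, useful for checking a string before it is used or when reviewing one. The names `parse_uma` and `UmaLogin` are hypothetical. It assumes only the two complete forms this page shows (all five fields, or the connector omitted because it is given separately as the SSH host); shorter strings that rely on prompts are rejected because they cannot be split unambiguously.

```python
import ipaddress
import re
from typing import NamedTuple, Optional

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

class UmaLogin(NamedTuple):
    local_account: str        # the hidden local account, "me" by default
    target: str               # Linux system to log in to (FQDN or IP)
    user: str                 # Admin Portal or Active Directory user, with suffix
    connector: Optional[str]  # None when the connector is given separately

def _is_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def _is_fqdn(host: str) -> bool:
    labels = host.split(".")
    # At least two labels, and a non-numeric last label so "999.1.1.1" is not a name.
    return (len(labels) >= 2 and not labels[-1].isdigit()
            and all(_LABEL.fullmatch(label) for label in labels))

def parse_uma(conn: str, local_account: str = "me") -> UmaLogin:
    """Split me@target@user@domainsuffix[@connector] into its fields."""
    parts = conn.split("@")
    if len(parts) not in (4, 5) or "" in parts:
        raise ValueError(f"not a full UMA connection string: {conn!r}")
    account, target, user, suffix = parts[:4]
    connector = parts[4] if len(parts) == 5 else None
    if account != local_account:
        raise ValueError(f"local account must be {local_account!r}, got {account!r}")
    if not (_is_ip(target) or _is_fqdn(target)):
        raise ValueError(f"target must be an IP address or FQDN: {target!r}")
    return UmaLogin(account, target, f"{user}@{suffix}", connector)

if __name__ == "__main__":
    # Constructed inputs: two of the page's examples and one short hostname.
    for s in ("me@172.20.20.250@joe.user@acme.com",
              "me@target-redhat.acme.com@joe.user@acme.com@connector-win.acme.com",
              "me@target-redhat@joe.user@acme.com"):
        try:
            print(parse_uma(s))
        except ValueError as err:
            print("rejected:", err)
```

If the special local account has been renamed by support, pass the configured name as `local_account`.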

Logging in to the target Linux system with Use My Account

You can connect to a Linux system by way of Use My Account (UMA) using SSH, SFTP, or SCP; the process is the same. You connect to the desired system by way of the connector system.

To log in to an enrolled Linux system with Use My Account:

  • Initiate an SSH, SFTP, or SCP session either from a Windows or UNIX system.

    For example, if you're doing an SSH session from Windows, specify the Windows connector system as the computer name and then specify a connection string that includes your user accounts and the target system details. For example:

    me@172.20.20.250@joe.user@acme.com or

    me@target-redhat.acme.com@joe.user@acme.com

    If you're doing an SSH session from UNIX or Linux, you can specify some or all of the connection details in the SSH command. For example:

    ssh me@172.20.20.250@joe.user@acme.com@connector-win.acme.com or

    ssh me@target-redhat.acme.com@joe.user@acme.com@connector-win.acme.com

    You'll be prompted for any details that you didn't provide in the connection string, such as your password or additional authentication credentials.