Authenticating with a single-use SSH Certificate
In some environments, it is useful to be able to log on to selected computers using authentication that doesn’t require a password. The Use My Account feature allows you to enable secure shell sessions that do not require a password for the following Centrify-managed computers:
- Computers joined to an Active Directory domain using the Centrify Agent for *NIX or Centrify Agent for Windows.
- Computers registered in the Centrify Privileged Access Service using the Centrify Client for Linux or Centrify Client for Windows.
For example, if you use a smart card to authenticate your identity, authentication relies on a public and private key exchange using encrypted certificates instead of a password or personal identification number.
Note: This feature is now supported both for Centrify web-based SSH client sessions and for access to a target system using native SSH clients.
The following is an overview of the steps required to enable Use My Account using the Centrify browser-based secure shell client (detailed instructions are provided in subsequent sections):
- Verify the computers you want to access remotely meet basic system requirements.
- Determine which SSH daemon version is running on the target system.
- Download the SSH master key file, which is a public file that must be installed on each target system you want to access.
- Update the system settings in the Admin Portal to identify the computers you have configured to use the SSH master key and existing accounts.
- Modify the sshd_config file on each target system.
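A check an administrator could run on a target system after the last two steps, added here as an example and not taken from the Centrify documentation. It assumes the master key is trusted through OpenSSH's standard `TrustedUserCAKeys` directive, which this overview does not name; the function names and the sample path are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: audit how sshd_config trusts a certificate-signing public key.
# Assumption: the key is referenced by the OpenSSH TrustedUserCAKeys directive.

# effective_ca_keys <sshd_config text>
# Prints the global TrustedUserCAKeys value sshd would use and returns 0.
# sshd keeps the FIRST value it reads for a keyword, and keywords are
# case-insensitive, so a later duplicate line is silently ignored.
# Returns 1 if the directive is missing, set to "none", or only appears
# inside a Match block (where it applies to matching sessions only).
effective_ca_keys() {
    printf '%s\n' "$1" | awk '
        { sub(/^[ \t]+/, "") }                # drop leading whitespace
        /^#/ || /^$/ { next }                 # skip comments and blank lines
        {
            key = tolower($1)
            if (key == "match") { exit }      # global section ends here
            if (key == "trustedusercakeys") {
                if ($2 != "" && tolower($2) != "none") { print $2; found = 1 }
                exit
            }
        }
        END { exit (found ? 0 : 1) }
    '
}

# ca_file_is_safe <path>
# Succeeds only if <path> is a regular file that group and other cannot
# write; anyone able to edit this file can add a signing key of their own.
ca_file_is_safe() {
    [ -f "$1" ] || return 1
    [ -z "$(find "$1" -maxdepth 0 \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

# Constructed sample config; the path is a placeholder, not a Centrify path.
SAMPLE_CONFIG='# constructed sshd_config excerpt
Port 22
  trustedusercakeys /etc/ssh/EXAMPLE_master_key.pub
TrustedUserCAKeys /etc/ssh/ignored_duplicate.pub
Match User example
    PasswordAuthentication no'

effective_ca_keys "$SAMPLE_CONFIG" || echo "no global TrustedUserCAKeys set"
```

On a real host, pass the file contents with `effective_ca_keys "$(cat /etc/ssh/sshd_config)"` and run `ca_file_is_safe` on the path it prints.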