Authenticating with a single-use SSH Certificate

In some environments, it is useful to be able to log on to selected computers using authentication that doesn’t require a password. The Use My Account feature allows you to enable secure shell sessions that do not require a password for the following Centrify-managed computers:

  • Computers joined to an Active Directory domain using the Centrify Agent for *NIX or Centrify Agent for Windows.
  • Computers registered in the Centrify Privileged Access Service using the Centrify Client for Linux or Centrify Client for Windows.

For example, if you use a smart card to authenticate your identity, authentication relies on a public and private key exchange using encrypted certificates instead of a password or personal identification number.

Note: This feature is now supported both for Centrify web-based SSH client sessions and for access to a target system using native SSH clients.

The following is an overview of the steps required to enable Use My Account using the Centrify browser-based secure shell client (detailed instructions are provided in subsequent sections):

  • Verify the computers you want to access remotely meet basic system requirements.
  • Determine which SSH daemon version is running on the target system.
  • Download the SSH master key file, which is a public file that must be installed on each target system you want to access.
  • Update the system settings in the Admin Portal to identify the computers you have configured to use the SSH master key and existing accounts.
  • Modify the sshd_config file on each target system.
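
The following is an added example, not taken from Centrify's documentation: a POSIX shell audit of a target system that covers the daemon-version, key-installation, and sshd_config steps listed above. It assumes the SSH master key is trusted through OpenSSH's standard TrustedUserCAKeys directive; the function names and sample paths are constructed for illustration.

```shell
#!/bin/sh
# Assumption: the SSH master key is trusted through OpenSSH's
# TrustedUserCAKeys directive; all paths here are constructed.

# 0 if a "ssh -V"-style string reports OpenSSH >= 5.4, the first
# release with certificate authentication.
sshd_version_ok() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/.*OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 1
    set -- $ver
    [ "$1" -gt 5 ] || { [ "$1" -eq 5 ] && [ "$2" -ge 4 ]; }
}

# Print the global TrustedUserCAKeys value. sshd honours the first
# occurrence of a keyword, keywords are case-insensitive, and lines
# after the first Match are conditional, so stop there.
ca_keys_path() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "trustedusercakeys" { print $2; exit }' "$1"
}

# 0 if the key file is non-empty and not writable by group or other;
# whoever can edit it can add a CA that sshd will trust.
ca_file_ok() {
    [ -s "$1" ] || return 1
    case $(ls -Lld "$1" | cut -c6,9) in *w*) return 1 ;; esac
    return 0
}

# Run all checks: $1 = version string, $2 = sshd_config path.
audit_target() {
    sshd_version_ok "$1" || { echo "FAIL: sshd predates certificates"; return 1; }
    ca=$(ca_keys_path "$2")
    [ -n "$ca" ] && [ "$ca" != "none" ] ||
        { echo "FAIL: no global TrustedUserCAKeys"; return 1; }
    ca_file_ok "$ca" ||
        { echo "FAIL: $ca missing, empty or group/other-writable"; return 1; }
    echo "OK: sshd trusts user certificates signed by keys in $ca"
}

# Constructed demo; on a target: audit_target "$(ssh -V 2>&1)" <sshd_config>
demo=$(mktemp -d)
echo "ssh-ed25519 AAAA-constructed-placeholder ca" > "$demo/ca.pub"
chmod 644 "$demo/ca.pub"
printf 'Port 22\nTrustedUserCAKeys %s\n' "$demo/ca.pub" > "$demo/sshd_config"
audit_target "OpenSSH_7.4p1, OpenSSL 1.0.2k-fips" "$demo/sshd_config"
```

The version check uses the client's `ssh -V` string, which matches the daemon only when both come from the same package; confirm the daemon version separately if they are installed independently.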