Authenticating with a single-use SSH Certificate

In some environments, it is useful to be able to log on to selected computers using authentication that doesn’t require a password. The Use My Account feature allows you to enable secure shell sessions that do not require a password for the following Centrify-managed computers:

  • Computers joined to an Active Directory domain using the Centrify Agent for *NIX or Centrify Agent for Windows.
  • Computers registered in the Centrify Privileged Access Service using the Centrify Client for Linux or Centrify Client for Windows.

For example, if you use a smart card to authenticate your identity, authentication relies on a public and private key exchange using encrypted certificates instead of a password or personal identification number.

Note: This feature is now supported both for Centrify web-based SSH client sessions and for access to a target system using native SSH clients.

The following is an overview of the steps required to enable Use My Account using the Centrify browser-based secure shell client (detailed instructions are provided in subsequent sections):

  1. Verify the computers you want to access remotely meet basic system requirements. For details, see Prerequisites for Use My Account.

  2. Determine which SSH daemon version is running on the target system. For details, see Confirming the SSHD version.

  3. Download the SSH master key file, which is a public file that must be installed on each target system you want to access. For details, see Downloading the SSH master key file.

  4. Update the system settings in the Admin Portal to identify the computers you have configured to use the SSH master key and existing accounts. For details, see Updating system settings to allow Use My Account.

  5. Modify the sshd_config file on each target system. For details, see Modifying the SSHD configuration file for the Centrify Client.
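
A post-change check for steps 2, 3 and 5, written as an added example (not Centrify's code): it reads the SSHD version banner and the sshd_config text and reports whether the master key is trusted globally. Assumptions: the key is trusted through OpenSSH's TrustedUserCAKeys directive, the path `/etc/ssh/example_master_key.pub` is a placeholder, and the 5.4 version floor is OpenSSH's own, not the product's stated minimum.

```python
import re

# Assumption: OpenSSH first shipped user certificates in 5.4; the product's
# actual minimum SSHD version is whatever its prerequisites section states.
MIN_OPENSSH = (5, 4)
# Hypothetical install path for the downloaded public master key file.
EXPECTED_CA = "/etc/ssh/example_master_key.pub"

def parse_openssh_version(banner):
    """Extract (major, minor) from `ssh -V` style output, or None."""
    m = re.search(r"OpenSSH_(\d+)\.(\d+)", banner)
    return (int(m.group(1)), int(m.group(2))) if m else None

def global_directives(config_text):
    """Global sshd_config keywords; Include files are not followed here."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out directive
        parts = re.split(r"[ \t=]+", line, maxsplit=1)
        key = parts[0].lower()  # keywords are case-insensitive
        if key == "match":
            break  # everything after Match applies conditionally
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        seen.setdefault(key, value)  # sshd keeps the first value it reads
    return seen

def audit(banner, config_text, expected_ca=EXPECTED_CA):
    """Return a list of findings; an empty list means the checks passed."""
    findings = []
    version = parse_openssh_version(banner)
    if version is None:
        findings.append("cannot determine OpenSSH version")
    elif version < MIN_OPENSSH:
        findings.append("OpenSSH %d.%d predates user certificates" % version)
    ca = global_directives(config_text).get("trustedusercakeys")
    if ca is None or ca.lower() == "none":
        findings.append("TrustedUserCAKeys is not set globally")
    elif ca != expected_ca:
        findings.append("TrustedUserCAKeys is %s, expected %s" % (ca, expected_ca))
    return findings

# Constructed sample: directive commented out globally, set only under Match.
SAMPLE = """Port 22
#TrustedUserCAKeys /etc/ssh/example_master_key.pub
Match User alice
    TrustedUserCAKeys /etc/ssh/example_master_key.pub
"""
if __name__ == "__main__":
    print(audit("OpenSSH_8.9p1, OpenSSL 3.0.2", SAMPLE))
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative source; the parser above is for reviewing a config file before it is deployed.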