Modifying the SSHD configuration file for DirectControl

If a computer is joined to an Active Directory domain using the DirectControl agent, add lines similar to the ones indicated in this procedure to specify the name and location of the downloaded SSH master key file in the sshd_config file.

  1. Locate the sshd_config file based on the following:

    • If you are using standard OpenSSH, use the following file: vi /etc/ssh/sshd_config
    • If you are using Centrify-compiled OpenSSH, use the following file: vi /etc/centrifydc/ssh/sshd_config
  2. Determine the computer type and then set the AuthorizedPrincipalsCommand property in the sshd_config file to one of the following:

    Computer type SSHD config file line
    Standard

    TrustedUserCAKeys /etc/ssh/centrify_tenant_ca.pub

    AuthorizedPrincipalsCommand /usr/bin/adquery user –P %u AuthorizedPrincipalsCommandUser root

    CoreOS

    AuthorizedPrincipalsCommand /opt/centrify/bin/adquery user –P %u

  3. Restart the sshd program after updating the configuration for the changes to take effect.

    For example, as root you might run one of the following commands to restart the daemon:

    • systemctl restart centrify-sshd
    • service centrify-sshd restart