Modifying the SSHD configuration file for the Server Suite Agent

If a computer is joined to an Active Directory domain using the Server Suite Agent, add lines similar to the ones indicated in this procedure to specify the name and location of the downloaded SSH master key file in the sshd_config file.

  1. Locate the sshd_config file based on the following:

    • If you are using standard OpenSSH, use the following file: /etc/ssh/sshd_config
    • If you are using Centrify-compiled OpenSSH, use the following file: /etc/centrifydc/ssh/sshd_config
  2. Determine the computer type and then set the AuthorizedPrincipalsCommand property in the sshd_config file to one of the following:

    Computer type SSHD config file line
    TrustedUserCAKeys /etc/ssh/
    AuthorizedPrincipalsCommandUser root
    AuthorizedPrincipalsCommand /usr/bin/adquery user -P %u
    AuthorizedPrincipalsCommand /usr/bin/adquery user -P %u
  3. Restart the sshd program after updating the configuration for the changes to take effect.

    For example, as root you might run one of the following commands to restart the daemon:

    • systemctl restart centrify-sshd
    • service centrify-sshd restart