Downloading the tenant SSH public key

There's a script called dadownloadsshpublickey.tcl that downloads the tenant's SSH public key. With the public key and the centrify_cip_da_data environment variable, the auditing service can determine which audit sessions are duplicates and remove them.

The agent installer puts this tcl script into /usr/bin, except for CoreOS systems where the installer puts the script into /opt/centrify/bin. This script requires root privilege to run. The output file specified by dad for the script is /var/centrifyda/tenant_rsa.pub.

If dad fails to download the public key or if you need to change the public key after dad has started, you can manually run this tcl script.

/usr/bin/dadownloadsshpublickey.tcl --output-file /var/centrifyda/tenant_rsa.pub

Use the following options when you run this script:

  • --cip, --i <cloud tenant URL>
  • This option is optional.

    If the computer is not joined to the domain currently, use this option to specify the cloud tenant URL. If you don't use this option, the script finds the URL automatically if the computer is joined to the domain.

  • --output-file, -o <file>
  • This option is required.

    Use this option to specify the output filename for the tenant's SSH public key. This file must be in a parent directory that is writable by root only and the directory cannot be a symlink.