Configuring secure shell parameters

The following parameters apply to specific usage for SSH.

ServiceAuthLocation

Uncomment this line in sshd_config to enable the SSH application right feature. Refer to the pre-defined scp, sftp, and winscp for how to utilize this feature. Default is disable.

AuditSshCommandline

Set this parameter in sshd_config to yes if the command line options are displayed in the audit trail message. Default is no.

krb5ccUnique

Set this parameter to yes to specify when storing the Kerberos credentials cache. Centrify sshd generates a unique credential cache name for it. If this parameter is set to no, the old style credential cache name, krb5cc_<uid> or KCM:<uid>, is used.

SSOMFA

Set this parameter is yes to support Single Sign-On (SSO) with Multi- Factor Authentication (MFA). The MFA order is determined by the AuthenticationMethods keyword in sshd_config. This keyword works only when UsePAM is enabled and the Centrify keyword ServiceAuthLocation is set. Default is no.

Note: MFA is not supported for authentication using public key.