Configuring SSH to require SecurID
When setting up the SecurID product you must make some configuration changes to the sshd configuration files.
If you are using the Centrify openSSH product you must make some configuration changes to support token authentication. The Centrify openSSH is configured to attempt Kerberos single sign-on whenever a user logs in. This means that the user is not prompted for their user name or password. This capability must be disabled if you want to prompt users for token authentication.
To configure SSH to require a SecurID token:
Edit the /etc/centrifydc/ssh/ssh_config file and comment out the lines for the following items:
# Configuration for Centrify DirectControl: Host *
Edit the /etc/centrifydc/ssh/sshd_config file and comment out the lines for the following items:
In the /etc/centrifydc/ssh/sshd_config file, be sure that the PrintMotd and UsePam settings are set as followings:
- Restart sshd to ensure the changes take effect.