× Welcome to the Centrify Community! Looking for Express & Smart Card Help? Click Here

Looking for an OSX SSH client.

Showing results for 
Search instead for 
Do you mean 
Reply
Participant II
Posts: 4
Registered: ‎08-10-2016
#1 of 8 1,690

Looking for an OSX SSH client.

Is there a Centrify openssh client for Mac OSX?  Looking for a "centrified" version of openssh that will use smart card authentication to connect to a Tectia SSH server...

Centrify Guru I
Posts: 1,693
Registered: ‎07-26-2012
#2 of 8 1,687

Re: Looking for an OSX SSH client.

[ Edited ]

@Chan,

 

Welcome to the forums.

No such thing as a "Centrify OS X SSH client"

 

At the end of the day, when you sign-in with your smartcard to a mac, you are getting a Kerberos TGT.

If your SSH client and Server are configured correctly, you should get SSO.

 

R.P

Want to learn more about practical Centrify examples? Check out my blog at http://centrifying.blogspot.com
Follow Centrify:
Participant II
Posts: 4
Registered: ‎08-10-2016
#3 of 8 1,685

Re: Looking for an OSX SSH client.

Consider the situation where one doesn't authenticate into the Mac
with a smartcard -- just a normal user/pass combo. They then want to
use the certificate on the smartcard to authenticate to a remote
system via SSH.

( Scenario being a personal system with a work-issued smartcard for
work authentication )

This is feasible on a Linux system, using the '-I' argument to ssh.
Attempting that tactic using the Centrify tokend pkcs11.so library
doesn't work...

ssh -I /usr/local/share/centrifydc/lib/pkcs11/tokendPKCS11.so remote-host

Under linux, one gets prompted for the SC passphrase/pin.
Under OSX, no such prompt appears, implying its not a valid library.

Ideas?


Centrify Guru I
Posts: 1,693
Registered: ‎07-26-2012
#4 of 8 1,684

Re: Looking for an OSX SSH client.

[ Edited ]

@Chan,

 

We have reached out to someone from your field team who should be contacting you shortly.

 

R.P

Want to learn more about practical Centrify examples? Check out my blog at http://centrifying.blogspot.com
Follow Centrify:
Participant II
Posts: 2
Registered: ‎08-19-2013
#5 of 8 1,243

Re: Looking for an OSX SSH client.

We are trying to utilize CAC credentials with built-in ssh client on Mac OS X 10.10 and above as well. Would you please let me know how this was resolved or point me to the resolution?

 

-Mike

mike.shelby@noaa.gov

Participant II
Posts: 4
Registered: ‎08-10-2016
#6 of 8 1,241

Re: Looking for an OSX SSH client.

Mike,

The built-in SSH client on Mac OS X 10.10 has no support for the CAC.   You need to use an SSH client (and server) that pass along the x509 certificate.  Tectia has offerings for Linux and Windows, with a MacOS client in pre-release.

 

Hope this helps,

 

--Chan

Participant II
Posts: 2
Registered: ‎08-19-2013
#7 of 8 924

Re: Looking for an OSX SSH client.

I wanted to share this update on a Mac Tectia client. If anyone has success getting ssh to pass CAC credentials please share. -Mike

 

On 1/24/17 8:24 AM, Gary Mitchell Gary.Mitchell@sshgov.com wrote:
Hi Mike,

The new client is expected to be released in the March timeframe. You can expect the released version to be easier to install and configure. 

The final list of additions to the preview version are currently being reviewed by Jeff.

I hope this answers your questions? If not, please feel free to contact me. Thanks.

Best Regards,
Gary


Centrify Contributor II
Posts: 19
Registered: ‎04-16-2014
#8 of 8 908

Re: Looking for an OSX SSH client.

Hi Chan,

 

I'm curious if you have tried our instructions on configuring this using the following KB article:

 

https://centrify.force.com/support/Centrify_KB_ArtDetail?Id=kA080000000H1pxCAC

 

You will need a Centrify Support account to access the link above.