Looking for an OSX SSH client.
08-10-2016 01:03 PM
Is there a Centrify openssh client for Mac OSX? Looking for a "centrified" version of openssh that will use smart card authentication to connect to a Tectia SSH server...
08-10-2016 01:28 PM
Welcome to the forums.
No such thing as a "Centrify OS X SSH client"
At the end of the day, when you sign-in with your smartcard to a mac, you are getting a Kerberos TGT.
If your SSH client and Server are configured correctly, you should get SSO.
08-10-2016 02:24 PM
with a smartcard -- just a normal user/pass combo. They then want to
use the certificate on the smartcard to authenticate to a remote
system via SSH.
( Scenario being a personal system with a work-issued smartcard for
work authentication )
This is feasible on a Linux system, using the '-I' argument to ssh.
Attempting that tactic using the Centrify tokend pkcs11.so library
ssh -I /usr/local/share/centrifydc/lib/pkcs11/tokendPKCS11.so remote-host
Under linux, one gets prompted for the SC passphrase/pin.
Under OSX, no such prompt appears, implying its not a valid library.
08-10-2016 02:30 PM
11-17-2016 06:34 AM
We are trying to utilize CAC credentials with built-in ssh client on Mac OS X 10.10 and above as well. Would you please let me know how this was resolved or point me to the resolution?
11-17-2016 07:03 AM
The built-in SSH client on Mac OS X 10.10 has no support for the CAC. You need to use an SSH client (and server) that pass along the x509 certificate. Tectia has offerings for Linux and Windows, with a MacOS client in pre-release.
Hope this helps,
01-26-2017 05:10 AM
I wanted to share this update on a Mac Tectia client. If anyone has success getting ssh to pass CAC credentials please share. -Mike
Hi Mike, The new client is expected to be released in the March timeframe. You can expect the released version to be easier to install and configure. The final list of additions to the preview version are currently being reviewed by Jeff. I hope this answers your questions? If not, please feel free to contact me. Thanks. Best Regards, Gary
01-26-2017 08:41 AM
I'm curious if you have tried our instructions on configuring this using the following KB article:
You will need a Centrify Support account to access the link above.