PuTTY is a popular open source Windows utility that lets you log in to remote Linux and UNIX computers. (For more information about PuTTY, see the PuTTY Home Page.) The baseline PuTTY utility does not support Kerberos GSS key-exchange, and is frequently deployed in environments where users log in using root, shared service or local accounts. To enhance security and enable single sign-on with your Active Directory account, Centrify delivers a packaged and tested version of PuTTY that works seamlessly with UNIX and Linux systems that have been joined to Active Directory using the Centrify Suite or Centrify Express. Centrify also enables you to centrally configure security settings for PuTTY using Windows Group Policy.
Get PuTTY with Free Active Directory Authentication
You can download the Centrify-enabled version of PuTTY along with Centrify Express, our free Active Directory-based solution for authentication and single sign-on to cross-platform systems.
When the Centrify DirectControl Agent is installed on a UNIX or Linux computer, it sets up a Kerberos environment in order to communicate securely with Active Directory. Centrify has recompiled the open source Windows PuTTY client with the DirectControl Kerberos libraries, enabling PuTTY to connect securely via SSH (Secure Shell) to DirectControl-managed systems. If a user has previously authenticated to Active Directory, they enjoy transparent single sign-on and are not challenged to log in again because the DirectControl-managed system will honor their Kerberos ticket. If a user has not previously authenticated to Active Directory, they will be challenged to log in. They can log in with their Active Directory credentials, or they can log in with any UNIX account that is managed within Active Directory using DirectControl. In either case, access to that computer is controlled through the user's Active Directory account, ensuring that access controls and Group Policies for that user are respected.
Centrify has customized the SSH Kerberos property page (see the screenshot). When the Attempt Kerberos Auth (SSH-2) option is checked, the Centrify-Enabled version of PuTTY will try to connect to remote systems using Kerberos first. Additional options let you specify how PuTTY searches for computers to connect to, and how user names, Kerberos credentials, and passwords are handled. You can control these settings globally through Group Policy. Centrify provides a user manual that documents these settings (along with installation steps and other instructions).
Centrify has added only Kerberized SSH functionality. Other connections such as rlogin and telnet are not affected, and all other features remain the same as in the official PuTTY open source release. You can use the Centrify-Enabled version of PuTTY with systems that have not been secured through Active Directory using DirectControl, but of course you do not receive the security and compliance benefits of using the two together.
With the Centrify Suite you have the ability to use Windows Group Policy to globally apply security and configuration settings across mixed UNIX, Linux and Mac systems. The Centrify installer for the Centrify-Enabled PuTTY includes a Group Policy Object administrative template that you can use to globally control the configurable PuTTY settings, including the Kerberos options for SSH connections that Centrify has added. For example, you can control:
The baseline PuTTY utility does not support Kerberos GSS key-exchange, and it is frequently deployed in environments where users log in using root, shared service or local accounts, which prevents security managers from assigning access rights and privileges based on an individual user’s role, and prevents IT compliance auditors from linking actions taken on audited systems with specific individuals.
By deploying the Centrify-Enabled PuTTY utility for remote access to DirectControl-managed UNIX and Linux systems, you gain the following benefits: