Centrify sshd
Centrify sshd is Centrify's enhanced version of OpenSSH. This software program uses the secure shell protocol to connect to a remote computer. Centrify sshd audit events identify DZ SSH rights and SSHD activities.
Centrify sshd Audit Event Log Sample
The following is a sample of an audit event log for Centrify Audit Event ID 27000. This log sample documents the rights granted to the DZ SSH shell client. The change was made by user=dwirth(type:ad,dwirth@acme.vms) on April 4 at 01:04:15.
```
Apr 4 21:04:15 engcen6 adclient[1749]: INFO AUDIT_TRAIL|Centrify Suite|Centrify sshd|1.0|0|DZ SSH right granted|5|user=dwirth(type:ad,dwirth@acme.vms) pid=7461 utc=1459784055474 CentrifyEventID=27000 DAInst=AuditingInstallation DASessID=c72252aa-e616-44ff-a5f6-d3f53f09bb67 status=GRANTED service=dzssh-shell client=192.168.81.11
```
Centrify sshd Audit Events
Starting in the Verify Privilege Server Suite 2023.1 release, the scp command's default protocol is now the sftp protocol.

When scp uses the sftp protocol (the default configuration):

- Audit events 27000 and 27001 list the service as `dzssh-sftp`.
- Success or failure events are listed as 27300 (success) or 27301 (failure) instead of 27200 (success) and 27201 (failure).

When scp uses the scp protocol (specified by the option `-O`):

- Audit events 27000 and 27001 list the service as `dzssh-scp`.
- Success or failure events are listed as 27200 (success) and 27201 (failure).

Event Id | Description | Parameters |
---|---|---|
27000 | DZ SSH right granted | service: service; client: client |
27001 | DZ SSH right denied | service: service; client: client; reason: error message |
27100-Deprecated | SSHD granted. This event has been deprecated. Use Centrify Event Id 27104, introduced in release 2017.3, instead. | service: service; tty: tty; authMechanism: authentication type; client: client; sshRights: ssh rights; command: command |
27101-Deprecated | SSHD denied. This event has been deprecated. Use Centrify Event Id 27105, introduced in release 2017.3, instead. | service: service; tty: tty; authMechanism: authentication type; client: client; reason: error message |
27102 | SSHD connection close successfully | service: service; tty: tty; authMechanism: authentication type; client: client; reason: error message |
27104 | SSHD granted (added in release 2017.3) | service: service; tty: tty; authMechanism: authentication type; client: client; sshRights: ssh rights; command: command; MfaRequired: whether user was required to do MFA; EntityName: Entity Name |
27105 | SSHD denied (added in release 2017.3) | service: service; tty: tty; authMechanism: authentication type; client: client; reason: error message; MfaRequired: whether user was required to do MFA; EntityName: Entity Name |
27200 | SCP succeeded (added in release 18.8) | dataFlowType: send a file/directory to remote machine or receive a file/directory from remote machine; fileType: file or directory; path name: the full path name of file or directory |
27201 | SCP failed (added in release 18.8) | dataFlowType: send a file/directory to remote machine or receive a file/directory from remote machine; fileType: file or directory; pathname: the full path name of file or directory; reason: Error message |
27300 | SFTP command execution succeeded (added in release 18.8) | operation: SFTP command; arguments: the arguments of SFTP command |
27301 | SFTP command execution failed (added in release 18.8) | |
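
Because the scp command now defaults to the sftp protocol, a detection keyed only on events 27200/27201 no longer sees most scp transfers. The following added example (not vendor code) parses AUDIT_TRAIL lines in the layout of the sample above and normalizes both event families into one record. The sample lines are constructed, and the `operation=`, `arguments=`, `fileType=` and `reason=` key spellings are assumed from the Parameters column.

```python
import re

KV = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")  # a value runs up to the next " key="
# Event IDs and service names from the page; values are (protocol, outcome).
TRANSFER = {27200: ("scp", "success"), 27201: ("scp", "failure"),
            27300: ("sftp", "success"), 27301: ("sftp", "failure")}
SERVICES = {"dzssh-scp": "scp", "dzssh-sftp": "sftp"}
RIGHTS = {27000: "granted", 27001: "denied"}

def parse_audit(line):
    """Split one AUDIT_TRAIL syslog line into component, event name and fields."""
    if "AUDIT_TRAIL|" not in line:
        return None
    parts = line.split("AUDIT_TRAIL|", 1)[1].split("|", 6)
    if len(parts) != 7:
        return None
    fields = {k: v.strip() for k, v in KV.findall(parts[6])}
    if not fields.get("CentrifyEventID", "").isdigit():
        return None
    return {"component": parts[1], "name": parts[4],
            "id": int(fields["CentrifyEventID"]), "fields": fields}

def classify(line):
    """Return (user, protocol, kind, outcome) for file-transfer events, else None."""
    ev = parse_audit(line)
    if ev is None or ev["component"] != "Centrify sshd":
        return None
    user = ev["fields"].get("user", "").split("(", 1)[0]
    if ev["id"] in TRANSFER:
        proto, outcome = TRANSFER[ev["id"]]
        return (user, proto, "transfer", outcome)
    proto = SERVICES.get(ev["fields"].get("service"))
    if ev["id"] in RIGHTS and proto:
        return (user, proto, "right", RIGHTS[ev["id"]])
    return None

# Constructed sample lines (not real logs), modelled on the page's 27000 sample.
# Key names for 27300/27201 fields are assumptions taken from the Parameters column.
HDR = "Apr 4 21:04:15 engcen6 adclient[1749]: INFO AUDIT_TRAIL|Centrify Suite|Centrify sshd|1.0|0|"
USR = "user=dwirth(type:ad,dwirth@acme.vms) pid=7461 "
SAMPLES = [
    HDR + "DZ SSH right granted|5|" + USR + "CentrifyEventID=27000 status=GRANTED service=dzssh-sftp client=192.168.81.11",
    HDR + "SFTP command execution succeeded|5|" + USR + "CentrifyEventID=27300 operation=put arguments=/tmp/a.txt /srv/in",
    HDR + "SCP failed|5|" + USR + "CentrifyEventID=27201 fileType=file reason=Permission denied",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(classify(s))
```

Rights events for other services, such as `dzssh-shell` in the page's sample, return `None` because they are not file transfers.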