How to manually set up a Chef node?


1. Install chef-client

Either use the https://www.chef.io/chef/install.sh script or download and install the correct chef-client package for your OS.

2. Create /etc/chef/client.rb

Perhaps you can use one of your bootstrapped nodes as a reference. The important bit is that you have chef_server_url pointing at your Chef server.

Example:

/etc/chef/client.rb

chef_server_url           "https://mychefserver.myorg.com/organizations/myorg"
validation_client_name    "myorg-validator"
validation_key            "/etc/chef/myorg-validator.pem"
log_level                 :info

3. Copy validation key

This is the key you got after running chef-server-ctl org-create. If lost, you can generate a new one from Chef Manage.

Copy the key to /etc/chef/myorg-validator.pem (or to whatever path is configured as validation_key in client.rb).

4. Fetch SSL cert

Optionally, if the SSL certificate on your Chef server isn't signed (it probably isn't), you must manually fetch it so that knife/chef-client will trust the certificate.

mkdir /etc/chef/trusted_certs
knife ssl fetch -c /etc/chef/client.rb

See also http://jtimberman.housepub.org/blog/2014/12/11/chef-12-fix-untrusted-self-sign-certs/
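The four steps above, collected into one script. This is an added example, not part of the original answer: the server FQDN, organization and validator name are the placeholders used in the answer, CHEF_DIR is a hypothetical override (default /etc/chef) so the functions can be exercised without root, and the server certificate is fetched with openssl s_client instead of knife ssl fetch, which needs no node_name in client.rb. Two additions a practitioner will want: the script prints the SHA-256 fingerprint of the fetched certificate so it can be compared out of band with the one on the server (openssl x509 -in /var/opt/opscode/nginx/ca/<fqdn>.crt -noout -fingerprint -sha256), since fetching it blindly is trust-on-first-use; and it removes the validator key after the node has its own client.pem, because that key can register any new client in the org.

```shell
#!/bin/sh
# Manual chef-client bootstrap (added example; not from the original answer).
# Assumptions: CHEF_DIR is a hypothetical override for testing, the server
# FQDN / org / validator names are the answer's placeholders, run as root.
set -eu

CHEF_DIR="${CHEF_DIR:-/etc/chef}"

# Step 1: install chef-client with the omnibus script (needs network).
install_chef_client() {
  command -v chef-client >/dev/null 2>&1 && return 0
  curl -fsSL https://www.chef.io/chef/install.sh | sh
}

# Step 2: write client.rb. node_name is set explicitly so knife and chef-client
# can sign API requests with this config file.
write_client_rb() {
  node_name="$1"; server_url="$2"; validator="$3"
  mkdir -p "$CHEF_DIR/trusted_certs"
  cat > "$CHEF_DIR/client.rb" <<EOF
node_name              "$node_name"
chef_server_url        "$server_url"
validation_client_name "$validator"
validation_key         "$CHEF_DIR/$validator.pem"
client_key             "$CHEF_DIR/client.pem"
trusted_certs_dir      "$CHEF_DIR/trusted_certs"
log_level              :info
EOF
  chmod 0644 "$CHEF_DIR/client.rb"
}

# Step 3: copy the validator key with a restrictive mode; it is a credential
# that can create clients in the whole organization.
install_validation_key() {
  src="$1"; validator="$2"
  install -m 0600 "$src" "$CHEF_DIR/$validator.pem"
}

# SHA-256 fingerprint of a PEM certificate (colon-separated hex, as openssl prints it).
cert_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^.*=//'
}

# Step 4: fetch the server's leaf certificate into trusted_certs, using the
# same file name knife ssl fetch would choose (dots replaced by underscores),
# and print its fingerprint for out-of-band comparison with the server copy.
fetch_server_cert() {
  host="$1"; port="${2:-443}"
  out="$CHEF_DIR/trusted_certs/$(printf '%s' "$host" | tr . _).crt"
  openssl s_client -connect "$host:$port" -servername "$host" -showcerts </dev/null 2>/dev/null \
    | openssl x509 -outform PEM > "$out"
  echo "fetched $out, SHA-256 fingerprint: $(cert_fingerprint "$out")"
}

# Step 5: first run registers the node (creating client.pem); after that the
# validator key has no business staying on the node.
first_run() {
  validator="$1"
  chef-client -c "$CHEF_DIR/client.rb"
  if [ -s "$CHEF_DIR/client.pem" ]; then
    rm -f "$CHEF_DIR/$validator.pem"
  fi
}

# Usage on the node, as root:  sh bootstrap.sh run mynode
# (the validator key is assumed to have been copied to /root/myorg-validator.pem)
if [ "${1:-}" = "run" ]; then
  install_chef_client
  write_client_rb "${2:?node name required}" \
    "https://mychefserver.myorg.com/organizations/myorg" "myorg-validator"
  install_validation_key /root/myorg-validator.pem myorg-validator
  fetch_server_cert mychefserver.myorg.com
  first_run myorg-validator
fi
```

Chef's trusted_certs_dir is read as a directory, so the file name only has to end in .crt or .pem; the underscore form is kept purely so that a node bootstrapped by hand looks like one bootstrapped by knife. If the fingerprint printed by fetch_server_cert does not match the one computed on the server, delete the file and do not run chef-client.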


Author by user22a6db72d7249

Updated on September 18, 2022

Comments

  • user22a6db72d7249
    user22a6db72d7249 over 1 year

    I have a Chef server running on Ubuntu 14.04 (see Note 1) and I can access the "Chef Manage" website by visiting the IP address (mychefserver.myorg.com) in my browser.

    I have a workstation running on Mac OS X El Capitan (see Note 2) and I can connect to the Chef server using knife ssl check and knife client list.

    The problem: knife won't bootstrap my third machine (mynode.myorg.com) as a node.

    $ knife bootstrap mynode.myorg.com --sudo --ssh-user myname --forward-agent --node-name mynode
    Creating new client for mynode
    Creating new node for mynode
    Connecting to mynode
    Failed to authenticate myname - trying password auth
    Enter your password: stty: 'standard input': unable to perform all requested operations
    
    ERROR: Net::SSH::AuthenticationFailed: Authentication failed for user myname@mynode@mynode
    

    mynode.myorg.com is a corporate machine. SSH is set up to allow only certificate-based authentication. SSH with password and SSH with private key are disallowed.

    It seems to me that since knife bootstrap uses password- or key-based SSH, and since I can reach a command line on the node by simply running ssh mynode.myorg.com, my best option is to SSH into the node and set Chef up manually. Unfortunately, there is no documentation for how to create a Chef node that doesn't involve invoking knife bootstrap from a workstation.

    What commands do I have to run locally on the node to recreate the work performed by knife bootstrap?


    Note 1: Chef Server 12.4.1 setup steps

    $ wget https://packagecloud.io/chef/stable/packages/ubuntu/trusty/chef-server-core_12.4.1-1_amd64.deb/download
    $ dpkg -i download
    $ cat > /etc/opscode/chef-server.rb
    server_name = 'mychefserver.myorg.com'
    api_fqdn server_name
    bookshelf['vip'] = server_name
    nginx['url'] = "https://#{server_name}/"
    nginx['server_name'] = server_name
    nginx['ssl_certificate'] = "/var/opt/opscode/nginx/ca/#{server_name}.crt"
    nginx['ssl_certificate_key'] = "/var/opt/opscode/nginx/ca/#{server_name}.key"
    ^D
    $ chef-server-ctl reconfigure
    $ chef-server-ctl install opscode-manage
    $ chef-server-ctl reconfigure
    $ opscode-manage-ctl reconfigure
    $ chef-server-ctl install opscode-reporting
    $ chef-server-ctl reconfigure
    $ opscode-reporting-ctl reconfigure
    $ chef-server-ctl user-create myname My Name [email protected] mypassword --filename myname.pem
    $ chef-server-ctl org-create myorg "My Org" --association_user myname
    

    Note 2: ChefDK 0.11.2 workstation setup steps

    $ wget https://opscode-omnibus-packages.s3.amazonaws.com/mac_os_x/10.11/x86_64/chefdk-0.11.2-1.dmg
    $ hdiutil mount chefdk-0.11.2-1.dmg
    $ installer -package '/Volumes/Chef Development Kit/chefdk-0.11.2-1.pkg' -target '/Volumes/Macintosh HD'
    $ hdiutil unmount '/Volumes/Chef Development Kit/'
    $ chef generate app chef-repo
    $ cd chef-repo
    $ mkdir .chef
    $ cat > .chef/myname.pem
    -----BEGIN RSA PRIVATE KEY-----
    # …snip…
    -----END RSA PRIVATE KEY-----
    ^D
    $ cat > .chef/knife.rb
    log_level        :info
    log_location     STDOUT
    node_name        'myname'
    client_key       "#{__dir__}/myname.pem"
    chef_server_url  'https://mychefserver.myorg.com/organizations/myorg'
    cookbook_path    ["#{__dir__}/../chef-repo/cookbooks"]
    ^D
    $ knife ssl fetch
    
  • Supernini
    Supernini about 7 years
    Take care: if you try an ssl fetch with your client.rb you will receive this message: ERROR: ArgumentError: Cannot sign the request without a client name, check that :node_name is assigned
  • P Satish Patro
    P Satish Patro almost 5 years
    For windows client?