ssh

[Srinivas Cheruku]

1. Apply the Kerberos patch and then the Openssh-gssapi patch.

2. Run the autoreconf after applying the patches. (autoreconf version should
be later than 2.50)

#autoreconf 

3. # ./configure --with-pam --with-kerberos5=<MIT Kerberos Installation
path>

--sysconfdir=/etc/ssh

4. #make

5. #make install

No need of changing the /etc/ssh/sshd_config file. By default it makes use

of Kerberos Authentication.

6.Start the sshd daemon.

# /usr/local/sbin/sshd

#

7. Get a TGT from the MIT KDC.

$./kinit -f user at REALM.COM

Extract the service key of the host principal to keytab file.

8. Connect to the sshd server using ssh client

$ ssh -v hostname

Then, the ssh client contacts MIT KDC and gets a service ticket for host. It
also forwards the TGT to the secure shell.

9. When you type klist in the shell, then you can see the forwarded TGT.

Good Luck,

Srini

-----Original Message-----
From: klaas hagemann [mailto:klaas at northsailor.de]
Sent: Thursday, April 11, 2002 1:36 PM
To: Srinivas Cheruku; kerberos at mit.edu
Subject: Re: ssh


SSH Kompiling seems to be ok, i compiled it without errors with
./configure --with-pam --with-kerberos5=/usr/local 
 
Befort i applied the patches and ran autoconf.
 
I am not sure with these configuratioen files, is it possible für you to
send me yours?
 
Thanks,
Klaas
 
----- Original Message ----- 

From: Srinivas Cheruku <mailto:csri at sonata-software.com>  
To: kerberos at mit.edu <mailto:kerberos at mit.edu>  
Sent: Thursday, April 11, 2002 5:46 AM
Subject: RE: ssh

Run the ssh client in verbose mode.
$ssh -v hostname