SSH as root with different principal
Lukas Kubin
kubin at opf.slu.cz
Thu Jul 31 03:37:29 EDT 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I tried it but it didn't work. I have
1. created .k5login file in the root's home at remote server and put
myrealusernam at MYREALM there
2. used the command "ssh -v root at theremoteserver"
But the server still wants me to authenticate using public key or password
only. This is part of what it returned with the "-v" option:
==========
debug1: Authentications that can continue:
external-keyx,gssapi,publickey,password,keyboard-interactive
debug1: Next authentication method: external-keyx
debug1: Authentications that can continue:
external-keyx,gssapi,publickey,password,keyboard-interactive
debug1: Next authentication method: gssapi
debug1: Authentications that can continue:
external-keyx,gssapi,publickey,password,keyboard-interactive
debug1: Authentications that can continue:
external-keyx,gssapi,publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
==========
Both server and client are Debian Linux with kerberized OpenSSH (from the
supplied package).
What should I try next to make it work?
Thank you.
lukas
On Wed, 30 Jul 2003, Steve Langasek wrote:
> On Wed, Jul 30, 2003 at 04:00:28PM +0200, Lukas Kubin wrote:
>
> > How can I login through SSH to administer a remote server? I mean, I have
> > a principal, say "user" and need to authenticate using kerberized SSH to
> > become root on the remote server.
> > Thank you.
>
> If using gssapi or krb5 authentication, you would add that principal to
> root's .k5login file; acquire a TGT for that user; and run
> 'ssh root at server' or 'ssh -l root server'. This will grant you
> Kerberos-based access to the root account.
>
> --
> Steve Langasek
> postmodern programmer
>
>
- --
Lukas Kubin
phone: +420596398285
email: kubin at opf.slu.cz
Information centre
The School of Business Administration in Karvina
Silesian University in Opava
Czech Republic
http://www.opf.slu.cz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Made with pgp4pine 1.75-6
iD8DBQE/KMc/hukdIiZrwu4RAsoAAJ9c2ECgX0L+gobc+mfESo8Y1K6YjwCgigGu
1zdOgKB73w3pXr5yeLvhkjc=
=uLna
-----END PGP SIGNATURE-----
More information about the Kerberos
mailing list