SSH as root with different principal

Vladimir Terziev vladimir.terziev at sun-fish.com
Thu Jul 31 04:48:46 EDT 2003 

  Please supply the full debug output from `ssh -v' and I'll try to figure out the problem.


	Vlady


On Thu, 31 Jul 2003 09:37:29 +0200 (CEST)
Lukas Kubin <kubin at opf.slu.cz> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> I tried it but it didn't work. I have
> 
> 1. created .k5login file in the root's home at remote server and put
> myrealusernam at MYREALM there
> 2. used the command "ssh -v root at theremoteserver"
> 
> But the server still wants me to authenticate using public key or password
> only. This is part of what it returned with the "-v" option:
> 
> ==========
> debug1: Authentications that can continue:
> external-keyx,gssapi,publickey,password,keyboard-interactive
> debug1: Next authentication method: external-keyx
> debug1: Authentications that can continue:
> external-keyx,gssapi,publickey,password,keyboard-interactive
> debug1: Next authentication method: gssapi
> debug1: Authentications that can continue:
> external-keyx,gssapi,publickey,password,keyboard-interactive
> debug1: Authentications that can continue:
> external-keyx,gssapi,publickey,password,keyboard-interactive
> debug1: Next authentication method: publickey
> ==========
> 
> Both server and client are Debian Linux with kerberized OpenSSH (from the
> supplied package).
> What should I try next to make it work?
> Thank you.
> 
> lukas
> 
> On Wed, 30 Jul 2003, Steve Langasek wrote:
> 
> > On Wed, Jul 30, 2003 at 04:00:28PM +0200, Lukas Kubin wrote:
> >
> > > How can I login through SSH to administer a remote server? I mean, I have
> > > a principal, say "user" and need to authenticate using kerberized SSH to
> > > become root on the remote server.
> > > Thank you.
> >
> > If using gssapi or krb5 authentication, you would add that principal to
> > root's .k5login file; acquire a TGT for that user; and run
> > 'ssh root at server' or 'ssh -l root server'.  This will grant you
> > Kerberos-based access to the root account.
> >
> > --
> > Steve Langasek
> > postmodern programmer
> >
> >
> 
> - -- 
> Lukas Kubin
> 
> phone: +420596398285
> email: kubin at opf.slu.cz
> 
> Information centre
> The School of Business Administration in Karvina
> Silesian University in Opava
> Czech Republic
> http://www.opf.slu.cz
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (GNU/Linux)
> Comment: Made with pgp4pine 1.75-6
> 
> iD8DBQE/KMc/hukdIiZrwu4RAsoAAJ9c2ECgX0L+gobc+mfESo8Y1K6YjwCgigGu
> 1zdOgKB73w3pXr5yeLvhkjc=
> =uLna
> -----END PGP SIGNATURE-----
> 
> 
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
> 
>

More information about the Kerberos mailing list