K5/SSH last steps!! Need someone to help!

Sensei noone at nowhere.org
Tue Aug 31 10:29:19 EDT 2004 

I compiled by myself openssh 3.9p1, enabling pthreads and with 
--with-kerberos5. Now, I enabled kerberosauthentication and gssapi* in 
the daemon configuration files and I can get afs tokens and a k5 tgt 
after loggin in.

The problem is that I can't get a passwordless login process. If I set 
-o PreferredAuthentications=gssapi-wiht-mic I can't login. There follows 
some debugging informations.

===== CLIENT

milicchio at plm01 ~$ ssh -v -o PreferredAuthentications=gssapi-with-mic plm
OpenSSH_3.9p1, OpenSSL 0.9.7d 17 Mar 2004
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to plm [193.204.161.79] port 22.
debug1: Connection established.
debug1: identity file /afs/dia.uniroma3.it/usr/m/milicchio/.ssh/identity 
type -1debug1: identity file 
/afs/dia.uniroma3.it/usr/m/milicchio/.ssh/id_rsa type -1
debug1: identity file /afs/dia.uniroma3.it/usr/m/milicchio/.ssh/id_dsa 
type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.9p1
debug1: match: OpenSSH_3.9p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.9p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'plm' is known and matches the RSA host key.
debug1: Found key in /afs/dia.uniroma3.it/usr/m/milicchio/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received

PLM Grid Lab
============


debug1: Authentications that can continue: 
publickey,gssapi-with-mic,password,keyboard-interactive
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-with-mic,password,keyboard-interactive).
milicchio at plm01 ~$



=== SERVER

plm:~# /usr/sbin/sshd -dddd
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 284
debug2: parse_server_config: config /etc/ssh/sshd_config len 284
debug1: sshd version OpenSSH_3.9p1
debug1: private host key: #0 type 0 RSA1
debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-dddd'
socket: Address family not supported by protocol
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
RSA key generation complete.
debug3: fd 4 is not O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 7 config len 284
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7

-- 
Sensei <mailto:senseiwa at tin.it>

The optimist says "Tomorrow is sunday".
The pessimist says "The day after tomorrow is monday". (Gustave Flaubert)

More information about the Kerberos mailing list