ssh-krb5 problems

rachel elizabeth dillon red at MIT.EDU
Tue Sep 21 17:29:02 EDT 2004


I am not entirely sure what your situation or problem is, but here
are some things you might try:

1. Are you trying to ssh as a user that exists on the other machine?
If the user does not exist in the other machine's /etc/passwd, then 
I don't believe the KDC will ever be queried.

2. ssh -v -v -v (for Very Very Verbose) may give you some idea of
what is happening; similarly you can run sshd -d -d -d to have a 
single-connection sshd in debugging mode. It may be good to compare
these outputs between a working connection (on the same machine)
and a non-working connection (between two machines) to see what the
differences in output are. They might shed some light on your situation.

3. You could try running ssh, sshd, or both through a utility like
strace or truss and see if it turns anything up. Again, I am not sure
exactly what to look for here, but I know that when I have had problems,
I have sometimes found the output useful. Note that saving the output of
strace (the Linux utility) or truss (the Solaris utility) to disk may
leave your Kerberos password exposed in plaintext in that file; be
careful.

Hope this helps,

-r.

On Tue, Sep 21, 2004 at 06:35:51PM +0200, ghe at upsa.es wrote:
> Hi people,
> 
> > I don't understand your answer
> 
> Sorry.. I will try to explain better...
> 
> > On Tuesday 21 September 2004 01:31, Ghe Rivero wrote:
> >> On Mon, 20-09-2004 at 15:27 -0500, Luis Daniel Lucio Quiroz wrote:
> >> > do you have your   host/fqdn.server2  realm done?  or your
> >> > ssh/fqdn.server2?
> >>
> >> 	host/fqdn.server2, that's what I have and what I get when connecting
> >> locally.
> 
>     I have done the host/ssh-server.princial (with kadmin to create the
> principal and kadmin:ktadd to add it to the /etc/krb5.keytab file in the
> ssh server)
> 
>    When I connect locally to the ssh server, I get the ticket
> host/ssh-server.princial properly, but when connecting to another ssh
> server, there is no communication with the KDC to try to obtain the
> ticket.
> 
>     Ghe Rivero
> 
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
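
The comparison suggested in point 2 of the reply, as an added example that is not part of the original message: it filters two saved `ssh -v -v -v` logs down to their authentication lines, masks per-host details, and prints what appears only in the failing connection. The function names, host names, user name and the simplified log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list auth-related debug lines that appear only in the failing
# log. Capture each log with:  ssh -v -v -v user@host 2> file
umask 077                 # debug captures are readable by the invoking user only
LC_ALL=C; export LC_ALL   # sort and comm must agree on ordering

# normalize LOG HOST: keep auth/GSSAPI/Kerberos lines, mask host and addresses
normalize() {
    grep -iE 'auth|gss|krb|kerberos' "$1" |
    sed -e "s/$2/HOST/g" \
        -e 's/[0-9]\{1,3\}\(\.[0-9]\{1,3\}\)\{3\}/IP/g' |
    sort -u
}

# only_in_failing WORKING_LOG WORKING_HOST FAILING_LOG FAILING_HOST
only_in_failing() {
    tmp=$(mktemp -d) || return 1
    normalize "$1" "$2" > "$tmp/ok"
    normalize "$3" "$4" > "$tmp/bad"
    comm -13 "$tmp/ok" "$tmp/bad"
    rm -rf "$tmp"
}

# Constructed, simplified sample logs (not output from the thread's machines).
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/working.log" <<'EOF'
debug1: Authenticating to server1.example.org:22 as 'alice'
debug1: Authentications that can continue: gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: Authentication succeeded (gssapi-with-mic).
EOF
    cat > "$d/failing.log" <<'EOF'
debug1: Authenticating to server2.example.org:22 as 'alice'
debug1: Authentications that can continue: gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: Next authentication method: password
EOF
    only_in_failing "$d/working.log" server1.example.org \
                    "$d/failing.log" server2.example.org
    rm -rf "$d"
}

demo
```

In the constructed logs the only line unique to the failing run is the fall-through to password authentication, which is the point in a real log where the surrounding GSSAPI messages are worth reading.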
