SSH issue

Klaas Hagemann klaas at northsailor.de
Tue Jan 17 13:51:16 EST 2006


Hello Marcel,

Marcel Koopmans wrote:

>
> [domain_realm]
>  home.elysium-os.nl = HOME.ELYSIUM-OS.NL
>  .home.elysium-os.nl = HOME.ELYSIUM-OS.NL

ok

> Jan 17 19:16:48 zeus krb5kdc[2170](info): TGS_REQ (7 etypes {18 17 16 
> 23 1 3 2}) 172.20.1.5: UNKNOWN_SERVER: authtime 1137492150,  
> marcel at HOME.ELYSIUM-OS.NL for krbtgt/ELYSIUM-OS.NL at HOME.ELYSIUM-OS.NL, 
> Server not found in Kerberos database
>
This looks wrong: krbtgt/ELYSIUM-OS.NL at HOME.ELYSIUM-OS.NL; it should 
look like krbtgt/HOME.ELYSIUM-OS.NL at HOME.ELYSIUM-OS.NL.
The client tries to find the principal krbtgt/ELYSIUM-OS.NL in your 
domain, which does not exist.
What are the FQDNs of your hosts? This often happens due to wrong 
domain-name mapping, but I cannot find an error in your posted 
configurations.

>
> I do not get a ticket for zeus.
> If server zeus is unknown then why does it work just fine from hades??
> If there is something wrong on hephaestus why does ssh to hades work??
>
Maybe you have just exchanged ssh keys between hades and zeus? What does 
kerberos.log say when doing this connect?

Maybe you should try the following:
Do kinit and display klist.
Try ssh to both hades and zeus, and monitor kerberos.log.

I am not familiar with Kerberos on Mac OS, so maybe I am missing a thing....

Klaas

> with kind regards,
>    Marcel
>
>
>
> Klaas Hagemann wrote:
>
>> Hi Marcel,
>>
>> Check the domain-realm mapping in /etc/krb5.conf, maybe something 
>> there is wrong.
>> Then you can monitor krb5kdc.log while trying to access zeus and see 
>> what's going on.
>>
>> Does principal marcel get a service ticket for zeus?
>>
>> - Klaas
>>
>> Marcel Koopmans wrote:
>>
>>  
>>
>>> Hello everybody,
>>>
>>> I have an issue with ssh to another computer.
>>> I use 3 computers,
>>>
>>> 1 zeus, the KDC that has sshd running
>>> 2 hades,  server that has sshd running
>>> 3 hephaestus,  a workstation, no sshd.
>>>
>>> On hephaestus principal marcel gets its TGT.
>>> ssh to hades works just fine, no password is required.
>>> ssh to zeus fails, in the debug data from ssh I find "Server not 
>>> found in Kerberos database".
>>> but...
>>> login on hades and ssh to zeus does work fine.
>>> also login on hephaestus ssh to hades and then ssh to zeus works fine.
>>>
>>> any ideas??
>>>
>>> with kind regards,
>>>    Marcel
>>>
>>> ------------------------------------------------------------------------ 
>>>
>>>
>>> ________________________________________________
>>> Kerberos mailing list           Kerberos at mit.edu
>>> https://mailman.mit.edu/mailman/listinfo/kerberos
>
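The check Klaas describes, as an added example (not part of the original message): it models the krb5.conf [domain_realm] lookup and pulls the requested realm out of a failing TGS_REQ line. The FQDNs passed to `host_realm` in the demo are hypothetical, since the thread never lists them, the sample log line is the posted one with "@" restored, and the lookup is a simplified model of the MIT library's behaviour.

```python
import re

# [domain_realm] entries exactly as posted in the thread.
DOMAIN_REALM = {
    "home.elysium-os.nl": "HOME.ELYSIUM-OS.NL",
    ".home.elysium-os.nl": "HOME.ELYSIUM-OS.NL",
}

def host_realm(fqdn, mapping=DOMAIN_REALM):
    """Realm a client derives for a host: exact host entry first, then each
    parent domain (with and without leading dot); if nothing matches, the
    host's domain portion in upper case (the documented krb5.conf fallback)."""
    host = fqdn.lower().rstrip(".")
    if host in mapping:
        return mapping[host]
    labels = host.split(".")
    for i in range(1, len(labels)):
        rest = ".".join(labels[i:])
        for key in ("." + rest, rest):
            if key in mapping:
                return mapping[key]
    return ".".join(labels[1:]).upper() or None

# Accepts both "user@REALM" and the list archive's "user at REALM" form.
TGS = re.compile(r"TGS_REQ .*?: (?P<status>[A-Z_]+): .*? for "
                 r"(?P<svc>\S+?)(?:@| at )(?P<realm>[A-Z0-9.-]+)")

def foreign_realm(line):
    """Return the realm a client tried to cross into when the KDC answered
    UNKNOWN_SERVER to a krbtgt/OTHER@LOCAL request, else None."""
    m = TGS.search(line)
    if not m or m["status"] != "UNKNOWN_SERVER":
        return None
    svc, local = m["svc"], m["realm"]
    if svc.startswith("krbtgt/") and svc[len("krbtgt/"):] != local:
        return svc[len("krbtgt/"):]
    return None

# Constructed sample: the KDC line from the thread with "@" restored.
LOG = ("Jan 17 19:16:48 zeus krb5kdc[2170](info): TGS_REQ (7 etypes "
       "{18 17 16 23 1 3 2}) 172.20.1.5: UNKNOWN_SERVER: authtime 1137492150,  "
       "marcel@HOME.ELYSIUM-OS.NL for krbtgt/ELYSIUM-OS.NL@HOME.ELYSIUM-OS.NL, "
       "Server not found in Kerberos database")

if __name__ == "__main__":
    wanted = foreign_realm(LOG)
    print("client asked for a cross-realm TGT to:", wanted)
    # Hypothetical names the client might be resolving zeus to.
    for name in ("zeus.home.elysium-os.nl", "zeus.elysium-os.nl"):
        realm = host_realm(name)
        print(f"{name:26} -> {realm}", "(matches the log)" if realm == wanted else "")
```

Running `host_realm` against the name the client actually resolves for the target (forward and reverse DNS) shows whether that name falls outside the `.home.elysium-os.nl` entries.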



