Kerberized ssh only works on KDC
Russ Allbery
rra at stanford.edu
Sat Nov 4 15:04:13 EST 2006
Andrew Bovill <abovill at gmail.com> writes:
> when I go to connect to other machines on the network, that are NOT
> KDCs, (but can use kinit just fine), I get the following log from sshd:
> --nonKDC sshd--
> noodles:~# sshd -dD -p2222
> debug1: sshd version OpenSSH_3.8.1p1 Debian-krb5 3.8.1p1-10
> debug1: read PEM private key done: type RSA
> debug1: private host key: #0 type 1 RSA
> debug1: read PEM private key done: type DSA
> debug1: private host key: #1 type 2 DSA
> debug1: Bind to port 2222 on 0.0.0.0.
> Server listening on 0.0.0.0 port 2222.
> socket: Address family not supported by protocol
> debug1: Server will not fork when running in debugging mode.
> Connection from 192.168.183.2 port 35952
> debug1: Client protocol version 2.0; client software version OpenSSH_4.3
> debug1: match: OpenSSH_4.3 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_3.8.1p1 Debian-krb5 3.8.1p1-10
> debug1: list_hostkey_types: ssh-rsa,ssh-dss
> debug1: Miscellaneous failure
> No such file or directory
> debug1: no credentials for GSSAPI mechanism Kerberos
> debug1: Miscellaneous failure
> No such file or directory
> debug1: no credentials for GSSAPI mechanism Kerberos
Do those other systems have a keytab in /etc/krb5.keytab?
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the Kerberos
mailing list