Kerberos enabled SSH library
Douglas E. Engert
deengert at anl.gov
Fri May 18 18:04:57 EDT 2007
petesea at bigfoot.com wrote:
> On Fri, 18 May 2007, Douglas E. Engert wrote:
>
>> You could look at PuTTY which is uses mostly on Windows, and is used
>> by a number of other package in the way you want. GSSAPI mods are
>> available:
>>
>>
>> http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/kerberos-gssapi.html
>>
>>
>> Look at the "Another patch here adds support for GSSAPI..." which only
>> does gssapi-with-mic.
>>
>> Unfortunately, the PuTTY developers have not been convinced to add
>> GSSAPI support to the base package.
>
> I've considered using PuTTY, but from the standpoint of an "SSH library"
> it doesn't seem like it would be any easier to use then OpenSSH. In
> other words, neither OpenSSH nor PuTTY are designed to be used as an SSH
> library. Which basically means I'd end up stripping out all kinds of
> code I don't need. And since the patched version of PuTTY you reference
> doesn't include support for gssapi-keyex, that gives OpenSSH the
> upper-hand... at least between those two options.
>
> I was really hoping for a library... something like libssh2
> (http://www.libssh2.org)... except it doesn't support GSSAPI auth.
>
Have you asked them? One of the developers has the same name as
a person active in the IETF Kerberos working group.
> On Fri, 18 May 2007, Vladimir Terziev wrote:
>
>>
>> Try also this:
>>
>> http://www.sweb.cz/v_t_m/#putty
>>
>> Vladimir
>
> This is the link referenced above on the PuTTY website. Unfortunately
> it doesn't include support for GSSAPI Key Exchange.
>
>
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
More information about the Kerberos
mailing list