SSH configuration

Paul Moore paul.moore at centrify.com
Wed Jul 30 13:34:40 EDT 2008


Start sshd on a private port with -dddde
Start ssh client with -vvv

You can ususally see the casue then

Do you have a .krb5login file? This is needed if  the stripped upn !=
unix name

-----Original Message-----
From: kerberos-bounces at mit.edu [mailto:kerberos-bounces at mit.edu] On
Behalf Of Abhishek Chowdhury
Sent: Wednesday, July 30, 2008 7:05 AM
To: kerberos at mit.edu
Subject: Re: SSH configuration




> I am getting the initial krtgt ticket and the service ticket also when

> I am trying to do ssh. But still the ssh is asking for passowrd. I 
> have done the configuration required in the ssh and sshd file.
> 
> 


bodik wrote:
> 
> hi,
> 
> I think, that you also need:
> 
> * krb5.conf
> a proper configuration for your realm
> 
> *  sshd_config
> KerberosAuthentication yes
> KerberosOrLocalPasswd yes
> KerberosTicketCleanup yes
> 
> * ssh_config
> 
> GSSAPIAuthentication yes
> GSSAPIDelegateCredentials yes
> 
> * pam.d/ssh
> pam_krb5.so
> 
> * krb5.keytab
> service key in keytab for host
>  (to establish a trust between service and KDC)
> 
>>> any pointers in this regard?
> there should be many howto's out there, but just now i cann't find any

> suitable walkthrough. but this looks fine (i didn't read it :)
> 
> http://www.visolve.com/security/ssh_kerberos.php
> 
> bodik
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
> 
> 

--
View this message in context:
http://www.nabble.com/SSH-configuration-tp18707809p18729232.html
Sent from the Kerberos - General mailing list archive at Nabble.com.

________________________________________________
Kerberos mailing list           Kerberos at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos




More information about the Kerberos mailing list