SSH configuration
Paul Moore
paul.moore at centrify.com
Wed Jul 30 13:34:40 EDT 2008
Start sshd on a private port with -dddde
Start ssh client with -vvv
You can ususally see the casue then
Do you have a .krb5login file? This is needed if the stripped upn !=
unix name
-----Original Message-----
From: kerberos-bounces at mit.edu [mailto:kerberos-bounces at mit.edu] On
Behalf Of Abhishek Chowdhury
Sent: Wednesday, July 30, 2008 7:05 AM
To: kerberos at mit.edu
Subject: Re: SSH configuration
> I am getting the initial krtgt ticket and the service ticket also when
> I am trying to do ssh. But still the ssh is asking for passowrd. I
> have done the configuration required in the ssh and sshd file.
>
>
bodik wrote:
>
> hi,
>
> I think, that you also need:
>
> * krb5.conf
> a proper configuration for your realm
>
> * sshd_config
> KerberosAuthentication yes
> KerberosOrLocalPasswd yes
> KerberosTicketCleanup yes
>
> * ssh_config
>
> GSSAPIAuthentication yes
> GSSAPIDelegateCredentials yes
>
> * pam.d/ssh
> pam_krb5.so
>
> * krb5.keytab
> service key in keytab for host
> (to establish a trust between service and KDC)
>
>>> any pointers in this regard?
> there should be many howto's out there, but just now i cann't find any
> suitable walkthrough. but this looks fine (i didn't read it :)
>
> http://www.visolve.com/security/ssh_kerberos.php
>
> bodik
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
>
--
View this message in context:
http://www.nabble.com/SSH-configuration-tp18707809p18729232.html
Sent from the Kerberos - General mailing list archive at Nabble.com.
________________________________________________
Kerberos mailing list Kerberos at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
More information about the Kerberos
mailing list