<noob> SSH with Kerberos from Windows XP
Douglas E. Engert
deengert at anl.gov
Mon Sep 15 12:05:54 EDT 2008
Mantas Mikulėnas wrote:
> Hello everyone. I'm new here, so please don't hurt me.
>
> I want to use Kerberos authentication when SSHing from a home Windows XP
> machine to a remote network. How do I configure my PC?
>
> <setup>
>
> Client PC:
> * Microsoft Windows XP Pro SP3
> * stand-alone home PC (domain = False)
> * I have the install CD
>
> User:
> * I'd prefer to use Microsoft's Kerberos if such a thing exists
Yes and No. It is normally used only when the machine is joined
to an AD domain, and the user logins in to the domain. This
also implies AD is providing authorization data.
But you could use the Windows ksetup command to set the name
of the realm, and locations of the KDCs. Then use the Windows
runas command to get a TGT usable only in the cmd.exe
runas /netonly /user:user at REALM cmd.exe
It will prompt for the Kerberos password. The TGT
(You may need other parameters too.)
you can then use the Windows klist command from this window
to see the tickets, and start the Quest PuTTY. The PuTTY will
use "SSPI" i.e. Windows GSSAPI to autheticate to a sshd
with GSSAPI.
cd \Program Files\Quest Software\PuTTY
putty.exe -load my.host.profile
> (MIT Kerberos has a stupid interface)
A lot easier then what I just described above...
> * I use PuTTY for SSH
> * I have the QuestPuTTY mod
> * I like command-line
> * I don't like Cygwin
>
> Server:
> * Heimdal Kerberos
> * Debian Linux
> * I know the realm and KDC server address
>
> </setup>
>
> </noob>
>
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
More information about the Kerberos
mailing list