<noob> SSH with Kerberos from Windows XP

Douglas E. Engert deengert at anl.gov
Mon Sep 15 12:05:54 EDT 2008

Mantas Mikulėnas wrote:
> Hello everyone. I'm new here, so please don't hurt me.
> I want to use Kerberos authentication when SSHing from a home Windows XP
> machine to a remote network. How do I configure my PC?
> <setup>
> Client PC:
> * Microsoft Windows XP Pro SP3
> * stand-alone home PC (domain = False)
> * I have the install CD
> User:
> * I'd prefer to use Microsoft's Kerberos if such a thing exists

Yes and No. It is normally used only when the machine is joined
to an AD domain, and the user logins in to the domain. This
also implies AD is providing authorization data.

But you could use the Windows ksetup command to set the name
of the realm, and locations of the KDCs. Then use the Windows
runas command to get a TGT usable only in the cmd.exe

  runas /netonly /user:user at REALM cmd.exe

It will prompt for the Kerberos password. The TGT
(You may need other parameters too.)
you can then use the Windows klist command from this window
to see the tickets, and start the Quest PuTTY. The PuTTY will
use "SSPI" i.e. Windows GSSAPI to  autheticate to a sshd
with GSSAPI.

  cd \Program Files\Quest Software\PuTTY
  putty.exe -load my.host.profile

>   (MIT Kerberos has a stupid interface)

A lot easier then what I just described above...

> * I use PuTTY for SSH
> * I have the QuestPuTTY mod
> * I like command-line
> * I don't like Cygwin
> Server:
> * Heimdal Kerberos
> * Debian Linux
> * I know the realm and KDC server address
> </setup>
> </noob>


  Douglas E. Engert  <DEEngert at anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444

More information about the Kerberos mailing list