Server not found in Kerberos database

Douglas E. Engert deengert at anl.gov
Wed Oct 28 16:57:02 EDT 2009



jim_bob wrote:
> Hello, I am trying to get ssh single sign on working with kerberos but
> it keeps failing with "server not found in Kerberos database" the
> optput of ssh -vvv:
> 

Have you added the host/krb1.testsetup.com at TESTSETUP.COM principal
to the KDC, and created the matching krb5.keytab file on krb1.testsetup.com?


> ssh -vvv krb1.testsetup.com
> OpenSSH_5.1p1 Debian-5, OpenSSL 0.9.8g 19 Oct 2007
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug2: ssh_connect: needpriv 0
> debug1: Connecting to krb1.testsetup.com [64.85.166.148] port 22.
> debug1: Connection established.
> debug1: identity file /home/user/.ssh/identity type -1
> debug3: Not a RSA1 key file /home/user/.ssh/id_rsa.
> debug2: key_type_from_name: unknown key type '-----BEGIN'
> debug3: key_read: missing keytype
> debug2: key_type_from_name: unknown key type 'Proc-Type:'
> debug3: key_read: missing keytype
> debug2: key_type_from_name: unknown key type 'DEK-Info:'
> debug3: key_read: missing keytype
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug2: key_type_from_name: unknown key type '-----END'
> debug3: key_read: missing keytype
> debug1: identity file /home/user/.ssh/id_rsa type 1
> debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
> debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
> debug1: identity file /home/user/.ssh/id_dsa type -1
> debug1: Remote protocol version 2.0, remote software version
> OpenSSH_5.1p1 Debian-5
> debug1: match: OpenSSH_5.1p1 Debian-5 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_5.1p1 Debian-5
> debug2: fd 3 setting O_NONBLOCK
> debug3: Trying to reverse map address 64.85.166.148.
> debug1: Unspecified GSS failure.  Minor code may provide more
> information
> Server not found in Kerberos database
> 
> debug1: Unspecified GSS failure.  Minor code may provide more
> information
> Server not found in Kerberos database
> 
> debug1: Unspecified GSS failure.  Minor code may provide more
> information
> 
> 
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-
> hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-
> group1-sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-
> cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-
> cbc at lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-
> cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-
> cbc at lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64 at openssh.com,hmac-
> ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64 at openssh.com,hmac-
> ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib
> debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: kex_parse_kexinit: gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-
> group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group14-sha1-toWM5Slw5Ew8Mqkay
> +al2g==,diffie-hellman-group-exchange-sha256,diffie-hellman-group-
> exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-
> cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-
> cbc at lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-
> cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-
> cbc at lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64 at openssh.com,hmac-
> ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64 at openssh.com,hmac-
> ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib at openssh.com
> debug2: kex_parse_kexinit: none,zlib at openssh.com
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: mac_setup: found hmac-md5
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug2: mac_setup: found hmac-md5
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug2: dh_gen_key: priv key bits set: 128/256
> debug2: bits set: 524/1024
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug3: check_host_in_hostfile: filename /home/user/.ssh/known_hosts
> debug3: check_host_in_hostfile: match line 5
> debug3: check_host_in_hostfile: filename /home/user/.ssh/known_hosts
> debug3: check_host_in_hostfile: match line 2
> debug1: Host 'krb1.testsetup.com' is known and matches the RSA host
> key.
> debug1: Found key in /home/user/.ssh/known_hosts:5
> debug2: bits set: 503/1024
> debug1: ssh_rsa_verify: signature correct
> debug2: kex_derive_keys
> debug2: set_newkeys: mode 1
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug2: set_newkeys: mode 0
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug2: service_accept: ssh-userauth
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug2: key: /home/user/.ssh/id_rsa (0xb9f629b0)
> debug2: key: /home/user/.ssh/identity ((nil))
> debug2: key: /home/user/.ssh/id_dsa ((nil))
> debug1: Authentications that can continue: publickey,gssapi-
> keyex,gssapi-with-mic,password
> debug3: start over, passed a different list publickey,gssapi-
> keyex,gssapi-with-mic,password
> debug3: preferred gssapi-keyex,gssapi-with-
> mic,gssapi,publickey,keyboard-interactive,password
> debug3: authmethod_lookup gssapi-keyex
> debug3: remaining preferred: gssapi-with-mic,gssapi,publickey,keyboard-
> interactive,password
> debug3: authmethod_is_enabled gssapi-keyex
> debug1: Next authentication method: gssapi-keyex
> debug1: No valid Key exchange context
> debug2: we did not send a packet, disable method
> debug3: authmethod_lookup gssapi-with-mic
> debug3: remaining preferred: gssapi,publickey,keyboard-
> interactive,password
> debug3: authmethod_is_enabled gssapi-with-mic
> debug1: Next authentication method: gssapi-with-mic
> debug1: Unspecified GSS failure.  Minor code may provide more
> information
> Server not found in Kerberos database
> 
> debug1: Unspecified GSS failure.  Minor code may provide more
> information
> Server not found in Kerberos database
> 
> debug1: Unspecified GSS failure.  Minor code may provide more
> information
> 
> 
> debug2: we did not send a packet, disable method
> debug3: authmethod_lookup publickey
> debug3: remaining preferred: keyboard-interactive,password
> debug3: authmethod_is_enabled publickey
> debug1: Next authentication method: publickey
> debug1: Offering public key: /home/user/.ssh/id_rsa
> debug3: send_pubkey_test
> debug2: we sent a publickey packet, wait for reply
> debug1: Authentications that can continue: publickey,gssapi-
> keyex,gssapi-with-mic,password
> debug1: Trying private key: /home/user/.ssh/identity
> debug3: no such identity: /home/user/.ssh/identity
> debug1: Trying private key: /home/user/.ssh/id_dsa
> debug3: no such identity: /home/user/.ssh/id_dsa
> debug2: we did not send a packet, disable method
> debug3: authmethod_lookup password
> debug3: remaining preferred: ,password
> debug3: authmethod_is_enabled password
> debug1: Next authentication method: password
> user at krb1.testsetup.com's password:
> 
> The output of nslookup:
>  nslookup krb1.testsetup.com
> Server:		192.168.1.1
> Address:	192.168.1.1#53
> 
> Non-authoritative answer:
> Name:	krb1.testsetup.com
> Address: 64.85.166.148
> 
> 
> /etc/krb5.conf
>  [libdefaults]
>                default_realm = TESTSETUP.COM
> 
> [realms]
>               TESTSETUP.COM = {
>                       kdc = krb1.testsetup.com
>                       admin_server = krb1.testsetup.com
> 
> [login]
>              krb4_convert = true
>              krb4_get_tickets = false
>              kdc = FILE:/var/log/kerberos/krb5kdc.log
>              admin_server = FILE:/var/log/kerberos/kadmin.log
>              default = FILE:/var/log/kerberos/krb5lib.log
> 
> I am kind of new to this, any help would be appreciated.
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
> 
> 

-- 

  Douglas E. Engert  <DEEngert at anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444



More information about the Kerberos mailing list