Server not found in Kerberos database

jim_bob romanbo at gmail.com
Wed Oct 28 17:40:10 EDT 2009


On Oct 28, 4:57 pm, "Douglas E. Engert" <deeng... at anl.gov> wrote:
> jim_bob wrote:
> > Hello, I am trying to get ssh single sign on working with kerberos but
> > it keeps failing with "server not found in Kerberos database" the
> > output of ssh -vvv:
>
> Have you added the host/krb1.testsetup.... at TESTSETUP.COM principal
> to the KDC, and created the matching krb5.keytab file on krb1.testsetup.com?
>
>
>
> > ssh -vvv krb1.testsetup.com
> > OpenSSH_5.1p1 Debian-5, OpenSSL 0.9.8g 19 Oct 2007
> > debug1: Reading configuration data /etc/ssh/ssh_config
> > debug1: Applying options for *
> > debug2: ssh_connect: needpriv 0
> > debug1: Connecting to krb1.testsetup.com [64.85.166.148] port 22.
> > debug1: Connection established.
> > debug1: identity file /home/user/.ssh/identity type -1
> > debug3: Not a RSA1 key file /home/user/.ssh/id_rsa.
> > debug2: key_type_from_name: unknown key type '-----BEGIN'
> > debug3: key_read: missing keytype
> > debug2: key_type_from_name: unknown key type 'Proc-Type:'
> > debug3: key_read: missing keytype
> > debug2: key_type_from_name: unknown key type 'DEK-Info:'
> > debug3: key_read: missing keytype
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug2: key_type_from_name: unknown key type '-----END'
> > debug3: key_read: missing keytype
> > debug1: identity file /home/user/.ssh/id_rsa type 1
> > debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
> > debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
> > debug1: identity file /home/user/.ssh/id_dsa type -1
> > debug1: Remote protocol version 2.0, remote software version
> > OpenSSH_5.1p1 Debian-5
> > debug1: match: OpenSSH_5.1p1 Debian-5 pat OpenSSH*
> > debug1: Enabling compatibility mode for protocol 2.0
> > debug1: Local version string SSH-2.0-OpenSSH_5.1p1 Debian-5
> > debug2: fd 3 setting O_NONBLOCK
> > debug3: Trying to reverse map address 64.85.166.148.
> > debug1: Unspecified GSS failure.  Minor code may provide more
> > information
> > Server not found in Kerberos database
>
> > debug1: Unspecified GSS failure.  Minor code may provide more
> > information
> > Server not found in Kerberos database
>
> > debug1: Unspecified GSS failure.  Minor code may provide more
> > information
>
> > debug1: SSH2_MSG_KEXINIT sent
> > debug1: SSH2_MSG_KEXINIT received
> > debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-
> > hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-
> > group1-sha1
> > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> > debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-
> > cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-
> > c... at lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
> > debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-
> > cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-
> > c... at lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
> > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac... at openssh.com,hmac-
> > ripemd160,hmac-ripemd... at openssh.com,hmac-sha1-96,hmac-md5-96
> > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac... at openssh.com,hmac-
> > ripemd160,hmac-ripemd... at openssh.com,hmac-sha1-96,hmac-md5-96
> > debug2: kex_parse_kexinit: none,z... at openssh.com,zlib
> > debug2: kex_parse_kexinit: none,z... at openssh.com,zlib
> > debug2: kex_parse_kexinit:
> > debug2: kex_parse_kexinit:
> > debug2: kex_parse_kexinit: first_kex_follows 0
> > debug2: kex_parse_kexinit: reserved 0
> > debug2: kex_parse_kexinit: gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-
> > group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group14-sha1-toWM5Slw5Ew8Mqkay
> > +al2g==,diffie-hellman-group-exchange-sha256,diffie-hellman-group-
> > exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
> > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> > debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-
> > cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-
> > c... at lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
> > debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-
> > cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-
> > c... at lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
> > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac... at openssh.com,hmac-
> > ripemd160,hmac-ripemd... at openssh.com,hmac-sha1-96,hmac-md5-96
> > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac... at openssh.com,hmac-
> > ripemd160,hmac-ripemd... at openssh.com,hmac-sha1-96,hmac-md5-96
> > debug2: kex_parse_kexinit: none,z... at openssh.com
> > debug2: kex_parse_kexinit: none,z... at openssh.com
> > debug2: kex_parse_kexinit:
> > debug2: kex_parse_kexinit:
> > debug2: kex_parse_kexinit: first_kex_follows 0
> > debug2: kex_parse_kexinit: reserved 0
> > debug2: mac_setup: found hmac-md5
> > debug1: kex: server->client aes128-cbc hmac-md5 none
> > debug2: mac_setup: found hmac-md5
> > debug1: kex: client->server aes128-cbc hmac-md5 none
> > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> > debug2: dh_gen_key: priv key bits set: 128/256
> > debug2: bits set: 524/1024
> > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> > debug3: check_host_in_hostfile: filename /home/user/.ssh/known_hosts
> > debug3: check_host_in_hostfile: match line 5
> > debug3: check_host_in_hostfile: filename /home/user/.ssh/known_hosts
> > debug3: check_host_in_hostfile: match line 2
> > debug1: Host 'krb1.testsetup.com' is known and matches the RSA host
> > key.
> > debug1: Found key in /home/user/.ssh/known_hosts:5
> > debug2: bits set: 503/1024
> > debug1: ssh_rsa_verify: signature correct
> > debug2: kex_derive_keys
> > debug2: set_newkeys: mode 1
> > debug1: SSH2_MSG_NEWKEYS sent
> > debug1: expecting SSH2_MSG_NEWKEYS
> > debug2: set_newkeys: mode 0
> > debug1: SSH2_MSG_NEWKEYS received
> > debug1: SSH2_MSG_SERVICE_REQUEST sent
> > debug2: service_accept: ssh-userauth
> > debug1: SSH2_MSG_SERVICE_ACCEPT received
> > debug2: key: /home/user/.ssh/id_rsa (0xb9f629b0)
> > debug2: key: /home/user/.ssh/identity ((nil))
> > debug2: key: /home/user/.ssh/id_dsa ((nil))
> > debug1: Authentications that can continue: publickey,gssapi-
> > keyex,gssapi-with-mic,password
> > debug3: start over, passed a different list publickey,gssapi-
> > keyex,gssapi-with-mic,password
> > debug3: preferred gssapi-keyex,gssapi-with-
> > mic,gssapi,publickey,keyboard-interactive,password
> > debug3: authmethod_lookup gssapi-keyex
> > debug3: remaining preferred: gssapi-with-mic,gssapi,publickey,keyboard-
> > interactive,password
> > debug3: authmethod_is_enabled gssapi-keyex
> > debug1: Next authentication method: gssapi-keyex
> > debug1: No valid Key exchange context
> > debug2: we did not send a packet, disable method
> > debug3: authmethod_lookup gssapi-with-mic
> > debug3: remaining preferred: gssapi,publickey,keyboard-
> > interactive,password
> > debug3: authmethod_is_enabled gssapi-with-mic
> > debug1: Next authentication method: gssapi-with-mic
> > debug1: Unspecified GSS failure.  Minor code may provide more
> > information
> > Server not found in Kerberos database
>
> > debug1: Unspecified GSS failure.  Minor code may provide more
> > information
> > Server not found in Kerberos database
>
> > debug1: Unspecified GSS failure.  Minor code may provide more
> > information
>
> > debug2: we did not send a packet, disable method
> > debug3: authmethod_lookup publickey
> > debug3: remaining preferred: keyboard-interactive,password
> > debug3: authmethod_is_enabled publickey
> > debug1: Next authentication method: publickey
> > debug1: Offering public key: /home/user/.ssh/id_rsa
> > debug3: send_pubkey_test
> > debug2: we sent a publickey packet, wait for reply
> > debug1: Authentications that can continue: publickey,gssapi-
> > keyex,gssapi-with-mic,password
> > debug1: Trying private key: /home/user/.ssh/identity
> > debug3: no such identity: /home/user/.ssh/identity
> > debug1: Trying private key: /home/user/.ssh/id_dsa
> > debug3: no such identity: /home/user/.ssh/id_dsa
> > debug2: we did not send a packet, disable method
> > debug3: authmethod_lookup password
> > debug3: remaining preferred: ,password
> > debug3: authmethod_is_enabled password
> > debug1: Next authentication method: password
> > u... at krb1.testsetup.com's password:
>
> > The output of nslookup:
> >  nslookup krb1.testsetup.com
> > Server:            192.168.1.1
> > Address:   192.168.1.1#53
>
> > Non-authoritative answer:
> > Name:      krb1.testsetup.com
> > Address: 64.85.166.148
>
> > /etc/krb5.conf
> >  [libdefaults]
> >                default_realm = TESTSETUP.COM
>
> > [realms]
> >               TESTSETUP.COM = {
> >                       kdc = krb1.testsetup.com
> >                       admin_server = krb1.testsetup.com
>
> > [login]
> >              krb4_convert = true
> >              krb4_get_tickets = false
> >              kdc = FILE:/var/log/kerberos/krb5kdc.log
> >              admin_server = FILE:/var/log/kerberos/kadmin.log
> >              default = FILE:/var/log/kerberos/krb5lib.log
>
> > I am kind of new to this, any help would be appreciated.
> > ________________________________________________
> > Kerberos mailing list           Kerbe... at mit.edu
> > https://mailman.mit.edu/mailman/listinfo/kerberos
>
> --
>
>   Douglas E. Engert  <DEEng... at anl.gov>
>   Argonne National Laboratory
>   9700 South Cass Avenue
>   Argonne, Illinois  60439
>   (630) 252-5444

Yes, the host/krb1 principal and krb5.keytab file are present.
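
Added example, not part of the original thread: the quoted debug output shows the client reverse-mapping 64.85.166.148 before each GSS failure, so one check is whether every name the client could turn into a `host/` principal exists in the KDC. The sketch assumes the client may request a principal built from the reverse-DNS name; `PTR_NAME` and `LISTPRINCS` are constructed sample values (the thread gives neither the PTR record nor the KDC's principal list), and the function names are hypothetical.

```python
import re

# Constructed excerpt of the client debug output quoted in this thread.
SSH_DEBUG = """\
debug1: Connecting to krb1.testsetup.com [64.85.166.148] port 22.
debug3: Trying to reverse map address 64.85.166.148.
debug1: Unspecified GSS failure.  Minor code may provide more
information
Server not found in Kerberos database
"""
# Constructed: a PTR answer for the address and `kadmin listprincs` style output.
PTR_NAME = "host148.isp.example.net."
LISTPRINCS = """\
host/krb1.testsetup.com@TESTSETUP.COM
krbtgt/TESTSETUP.COM@TESTSETUP.COM
user@TESTSETUP.COM
"""

def parse_ssh_debug(text):
    """Extract target host, address, reverse-mapped address and error count."""
    conn = re.search(r"Connecting to (\S+) \[([0-9a-fA-F.:]+)\] port", text)
    rmap = re.search(r"Trying to reverse map address ([0-9a-fA-F.:]+?)\.?$",
                     text, re.M)
    return {
        "host": conn.group(1) if conn else None,
        "addr": conn.group(2) if conn else None,
        "reverse_mapped": rmap.group(1) if rmap else None,
        "not_found": text.count("Server not found in Kerberos database"),
    }

def candidate_principals(host, ptr_name, realm):
    """Principals the client may request: typed name first, then the PTR name."""
    names = [host.lower().rstrip(".")]
    if ptr_name and ptr_name.lower().rstrip(".") not in names:
        names.append(ptr_name.lower().rstrip("."))
    return [f"host/{n}@{realm}" for n in names]

def missing_from_kdc(candidates, listprincs_output):
    """Return the candidates that do not appear in the KDC principal list."""
    known = {l.strip() for l in listprincs_output.splitlines() if "@" in l}
    return [p for p in candidates if p not in known]

if __name__ == "__main__":
    info = parse_ssh_debug(SSH_DEBUG)
    cands = candidate_principals(info["host"], PTR_NAME, "TESTSETUP.COM")
    for p in missing_from_kdc(cands, LISTPRINCS):
        print("not in KDC database:", p)
```

With real data, feed it the saved `ssh -vvv` output, the PTR answer for the reverse-mapped address, and the KDC's principal list.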