openssh + kerberos + windows ad
Bob Rasmussen
ras at anzio.com
Wed Jan 6 09:30:55 EST 2010
On Wed, 6 Jan 2010, Marcello Mezzanotti wrote:
> Bob,
>
> What exactly do you want to know? :)
1) What version(s) of PuTTY work in your environment? Did you try the
developer's build from the official PuTTY site?
2) Did you have to create a keytab file on the AD server, and transfer it
to the SSH server? How exactly did you do this?
3) Did you find online documents that were especially helpful? What were
they?
Thanks.
>
>
>
> On Mon, Jan 4, 2010 at 9:18 PM, Bob Rasmussen <ras at anzio.com> wrote:
> > I am attempting the same thing myself, almost. Please provide as many
> > details as you can.
> >
> > My AD server is a 2008 Server box, my client is a Windows 2000 box, trying
> > to use Windows PuTTY to log in to a Linux box that is running OpenSSH.
> >
> > I also am running WireShark (formerly Ethereal) to monitor the network, so
> > I can see Kerberos transactions - those that work and those that fail.
> >
> > The PuTTY I am trying is, I think, an unreleased version from the official
> > website. It has calls to GSSAPI.
> >
> > At this point I get messages about an illegal flag being set. I see these
> > in WireShark.
> >
> > I'd appreciate any help.
> >
> > On Mon, 4 Jan 2010, Marcello Mezzanotti wrote:
> >
> >> I just did :)
> >>
> >> the problem was the keytab, I created using Linux command "net ads
> >> keytab create",
> >>
> >> I tested both Linux ssh client and PuTTY
> >> (PuTTY-0.58-GSSAPI-2005-07-24, I tested with another patched PuTTY
> >> client, worked, but it didn't create/forward my ticket) and all
> >> worked fine.
> >>
> >> Is "Kerberos for Windows" necessary for Windows/Putty?
> >>
> >> Thank you all for help.
> >>
> >> Thank you,
> >> Marcello
> >>
> >> --
> >> Marcello Mezzanotti <marcello.mezzanotti at gmail.com>
> >> http://blogdomarcello.wordpress.com
> >> Information Security
> >> UNIX / Linux / *BSD
> >>
> >>
> >
> > Regards,
> > ....Bob Rasmussen, President, Rasmussen Software, Inc.
> >
> > personal e-mail: ras at anzio.com
> > company e-mail: rsi at anzio.com
> > voice: (US) 503-624-0360 (9:00-6:00 Pacific Time)
> > fax: (US) 503-624-0760
> > web: http://www.anzio.com
> > street address: Rasmussen Software, Inc.
> > 10240 SW Nimbus, Suite L9
> > Portland, OR 97223 USA
> >
>
>
>
> --
> Marcello Mezzanotti <marcello.mezzanotti at gmail.com>
> http://blogdomarcello.wordpress.com
> Information Security
> UNIX / Linux / *BSD
>
>
Regards,
....Bob Rasmussen, President, Rasmussen Software, Inc.
personal e-mail: ras at anzio.com
company e-mail: rsi at anzio.com
voice: (US) 503-624-0360 (9:00-6:00 Pacific Time)
fax: (US) 503-624-0760
web: http://www.anzio.com
street address: Rasmussen Software, Inc.
10240 SW Nimbus, Suite L9
Portland, OR 97223 USA
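
The quoted reply traces the problem to the keytab, so the following is an added example (not code from this thread or from any project it mentions) that lists the principals in a keytab without exposing key bytes and checks for the host/<fqdn>@REALM entry that sshd's GSSAPI authentication uses. It assumes the MIT keytab file format version 0x0502; the host name, realm and all-zero keys are constructed sample values.

```python
import struct

def counted_str(b):
    return struct.pack(">H", len(b)) + b               # 16-bit length, then bytes

def build_keytab(entries):
    """Build constructed sample data from (realm, components, kvno, enctype, key)."""
    out = b"\x05\x02"
    for realm, comps, kvno, etype, key in entries:
        body = struct.pack(">H", len(comps)) + counted_str(realm.encode())
        body += b"".join(counted_str(c.encode()) for c in comps)
        body += struct.pack(">IIB", 1, 0, kvno)        # name type, timestamp, 8-bit kvno
        body += struct.pack(">H", etype) + counted_str(key)
        out += struct.pack(">i", len(body)) + body
    return out

def parse_keytab(data):
    """Return [(principal, kvno, enctype)]; key bytes are skipped, never returned."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    pos, entries = 2, []
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                                  # negative size marks a deleted slot
            pos += -size
            continue
        rec, p = data[pos:pos + size], 0
        pos += size
        if len(rec) < size:
            raise ValueError("truncated keytab entry")
        def counted():
            nonlocal p
            (n,) = struct.unpack_from(">H", rec, p)
            p += 2 + n
            return rec[p - n:p]
        (ncomp,) = struct.unpack_from(">H", rec, p); p += 2
        realm = counted().decode()
        name = "/".join(counted().decode() for _ in range(ncomp))
        _type, _time, kvno, etype = struct.unpack_from(">IIBH", rec, p); p += 11
        counted()                                      # step over the key itself
        if len(rec) - p >= 4:                          # optional trailing 32-bit kvno
            kvno = struct.unpack_from(">I", rec, p)[0] or kvno
        entries.append((f"{name}@{realm}", kvno, etype))
    return entries

def has_sshd_key(entries, fqdn, realm):
    """True if the keytab holds the host/ service principal sshd uses for GSSAPI."""
    return any(princ == f"host/{fqdn}@{realm}" for princ, _, _ in entries)

# Constructed sample: machine account plus host/ principal, enctype 23 (rc4-hmac).
SAMPLE = build_keytab([("EXAMPLE.TEST", ["LINUXBOX$"], 3, 23, bytes(16)),
                       ("EXAMPLE.TEST", ["host", "linuxbox.example.test"], 3, 23, bytes(16))])
```

On a real server the input would be the bytes of the keytab sshd reads (commonly /etc/krb5.keytab), and the fqdn must match the name clients use to reach the host.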