Kerberos5 + SSH Questions

Brian Candler B.Candler at
Tue Jan 4 05:01:03 EST 2011

On Tue, Jan 04, 2011 at 05:43:22PM +0800, Lee Eric wrote:
> Thanks mate. Is there anything wrong with my configuration file?

I couldn't see anything, but please run the sshd -p99 test I specified. That
will almost certainly tell you in plain English what the problem is.

> furthermore, how do you create your keytab?

On the target ssh server:

kadmin -p someone/admin
addprinc -randkey host/
ktadd host/



P.S. if for some reason you can't do it there, then do it somewhere else but
write the key out to a different file:

ktadd -k /tmp/ host/

Then copy this file to the ssh server as /etc/krb5.keytab

Make sure it is fully protected!
chown 0:0 /etc/krb5.keytab
chmod 400 /etc/krb5.keytab

And securely delete the intermediate copy:
shred -u /tmp/

More information about the Kerberos mailing list