Going across a firewall

Greg Hudson ghudson at MIT.EDU
Tue Sep 6 10:12:16 EDT 2011


On Tue, 2011-09-06 at 04:15 -0400, Mauricio Tavares wrote:
> Now, when I try to ssh from externalbox to the kdc, it seems that
> gssapi-with-mic isn't working:

Usually the best way to debug auth problems with ssh is to
run /path/to/sshd -d -p XXXX on the server and ssh -p XXXX on the
client, for some alternate port number XXXX.  The client doesn't usually
know much about what went wrong and displays even less.

If your server's Kerberos library is new enough (and is MIT krb5),
setting KRB5_TRACE=/some/filename can provide a little more information
on top of the debugging output.  That can also work on the client, but
is unlikely to be as useful there.




