Unable to SSH with Kerberos user
Rocky Hotas
rockyhotas at post.com
Sat Jan 25 10:43:55 EST 2020
Hello!
I am trying to set up a Kerberos server and a client for the first time,
both using Xubuntu 18.04. I created a normal user `joe' and I am able
to successfully do, from the client:

    $ kinit joe
    Password for joe@XEXAMPLE.INTK:
    $ klist
    Ticket cache: FILE:/tmp/krb5cc_1000
    Default principal: joe@XEXAMPLE.INTK

    Valid starting       Expires              Service principal
    25/01/2020 16:10:42  26/01/2020 02:10:42  krbtgt/XEXAMPLE.INTK@XEXAMPLE.INTK
            renew until 26/01/2020 16:10:28

Despite the client and server being in the same LAN, when I enter the
password a long wait of several seconds occurs, before the prompt is back
again. I would now like to ssh into the Kerberos server from the client,
as `joe', without being prompted again for a password:
$ ssh joe@<server_FQDN>
However, the password is asked for here, despite the TGT shown above, and
even with the correct password the permission is denied.
What could be wrong with this configuration? Also, I still did not
understand the role of the keytab in this operation. Is it necessary?
Note that my user (in the Xubuntu system of the client) does not have the
name `joe', as shown in the logs below: `joe' only belongs to Kerberos.
Log of ssh with `-vvv' option: https://pastebin.com/DSueXmf0
Client /etc/ssh/ssh_config: https://pastebin.com/14FWX5ye
Client /etc/krb5.conf: https://pastebin.com/Vpqs0VxT
Server /etc/krb5.conf: https://pastebin.com/1wnB6vum
Server /etc/ssh/sshd_config: https://pastebin.com/WwdyQvF0
Guide followed for setup: https://www.linuxtoday.com/blog/integrating-ldap-and-kerberos-part-one-kerberos.html
(at random times, the link is unavailable; use Google cache page if
needed)
Thank you for having read,
Rocky
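
Added example, not part of the original post and not code from the Kerberos project: a shell sketch of three things ticket-based (GSSAPI) SSH login relies on, namely GSSAPIAuthentication enabled on both client and server, and a host/<server_FQDN> key in the server's keytab, which sshd needs in order to accept the service ticket. The function names and the host name server.xexample.intk are hypothetical, and the sample data is constructed.

```shell
#!/bin/sh
# On live hosts, feed these functions real output, for example:
#   ssh -G <server_FQDN> | effective_opt gssapiauthentication   (client)
#   sshd -T | effective_opt gssapiauthentication                (server, root)
#   klist -k /etc/krb5.keytab | has_principal host/<server_FQDN>

# Print the value of option $1 from `ssh -G` / `sshd -T` output on stdin.
effective_opt() {
    awk -v k="$1" 'tolower($1) == tolower(k) { print tolower($2); f = 1; exit }
                   END { if (!f) print "unset" }'
}

# Succeed if principal $1 (with or without @REALM) appears as a whole
# field in the `klist` or `klist -k` output on stdin.
has_principal() {
    awk -v p="$1" '{ for (i = 1; i <= NF; i++)
                       if ($i == p || index($i, p "@") == 1) ok = 1 }
                   END { exit !ok }'
}

# Args: client config dump, server config dump, keytab listing, server FQDN.
# Prints every unmet prerequisite and returns non-zero if any is missing.
check_gssapi_ssh() {
    missing=0
    [ "$(effective_opt gssapiauthentication < "$1")" = yes ] ||
        { echo "client: GSSAPIAuthentication is not enabled"; missing=1; }
    [ "$(effective_opt gssapiauthentication < "$2")" = yes ] ||
        { echo "server: GSSAPIAuthentication is not enabled"; missing=1; }
    has_principal "host/$4" < "$3" ||
        { echo "server: no host/$4 key in the keytab"; missing=1; }
    return $missing
}

# Constructed sample data (placeholder names, not taken from the post).
demo() {
    d=$(mktemp -d) || return 2
    printf 'gssapiauthentication yes\n' > "$d/client"
    printf 'gssapiauthentication no\n' > "$d/server"
    printf 'KVNO Principal\n   2 host/other.xexample.intk@XEXAMPLE.INTK\n' > "$d/keytab"
    status=0
    check_gssapi_ssh "$d/client" "$d/server" "$d/keytab" server.xexample.intk || status=$?
    rm -rf "$d"
    return $status
}
demo || :
```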