from the log debug1: Miscellaneous failure debug1: Server not found in Kerberos database debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received
"Server not found in the Kerberos Database". Did you create the service principal for the host and extracted that to the keytable on that host. while connecting using ssh give the fqdn of the hostname $ssh hostname.domain It should work. Still if it does'nt work then check the KDC log and see which service principal it is trying to look at. -----Original Message----- From: Someone [mailto:[EMAIL PROTECTED]] Sent: Friday, March 22, 2002 5:14 PM To: [EMAIL PROTECTED] Subject: Re: SSH with Kerberos 5 GSSAPI Srinivas Cheruku wrote: > Default configuration should work properly. Otherwise you can add the below > lines in your sshd configuration file > > GssapiAuthentication yes > GssapiKeyExchange yes > GssapiUseSessionCredCache yes > > Also start the client session in the verbose mode and see what is happening > by giving > $ ssh -v hostname > > Also you can check on the KDC log whether it has issued a forwarded TGT. > I have added those lines to sshd_config but it didn't help, here is the output of the ssh client: > ssh -v hostname OpenSSH_3.0.2p1, SSH protocols 1.5/2.0, OpenSSL 0x0090601f debug1: Reading configuration data /etc/ssh/ssh_config debug1: Seeding random number generator debug1: Rhosts Authentication disabled, originating port will not be trusted. debug1: restore_uid debug1: ssh_connect: getuid XXXX geteuid 0 anon 1 debug1: Connecting to tonostix [X.X.X.X] port 22. debug1: temporarily_use_uid: XXXX/XXXX (e=0) debug1: restore_uid debug1: temporarily_use_uid: XXXX/XXXX (e=0) debug1: restore_uid debug1: Connection established. debug1: read PEM private key done: type DSA debug1: read PEM private key done: type RSA debug1: identity file /home/username/.ssh/identity type -1 debug1: identity file /home/username/.ssh/id_rsa type -1 debug1: identity file /home/username/.ssh/id_dsa type -1 debug1: Remote protocol version 1.99, remote software version OpenSSH_3.0.2p1 debug1: match: OpenSSH_3.0.2p1 pat ^OpenSSH Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_3.0.2p1 debug1: Miscellaneous failure debug1: Server not found in Kerberos database debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-cbc hmac-md5 none debug1: kex: client->server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: dh_gen_key: priv key bits set: 133/256 debug1: bits set: 1558/3191 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host 'hostname' is known and matches the RSA host key. debug1: Found key in /home/username/.ssh/known_hosts2:104 debug1: bits set: 1569/3191 debug1: ssh_rsa_verify: signature correct debug1: kex_derive_keys debug1: newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: waiting for SSH2_MSG_NEWKEYS debug1: newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: done: ssh_kex2. debug1: send SSH2_MSG_SERVICE_REQUEST debug1: service_accept: ssh-userauth debug1: got SSH2_MSG_SERVICE_ACCEPT debug1: authentications that can continue: external-keyx,gssapi,publickey,password,keyboard-interactive debug1: next auth method to try is external-keyx debug1: authentications that can continue: external-keyx,gssapi,publickey,password,keyboard-interactive debug1: next auth method to try is gssapi debug1: authentications that can continue: external-keyx,gssapi,publickey,password,keyboard-interactive debug1: next auth method to try is publickey debug1: try privkey: /home/username/.ssh/identity debug1: try privkey: /home/username/.ssh/id_rsa debug1: try privkey: /home/username/.ssh/id_dsa debug1: next auth method to try is keyboard-interactive debug1: authentications that can continue: external-keyx,gssapi,publickey,password,keyboard-interactive debug1: next auth method to try is password username@hostname's password: debug1: packet_send2: adding 64 (len 60 padlen 4 extra_pad 64) debug1: ssh-userauth2 successful: method password debug1: channel 0: new [client-session] debug1: send channel open 0 debug1: Entering interactive session. debug1: ssh_session2_setup: id 0 debug1: channel request 0: shell debug1: channel 0: open confirm rwindow 0 rmax 16384 Last login: Fri Mar 22 12:38:15 2002 from hostname.domain.com Linux 2.4.5. Output of kinit: > kinit Password for username@REALM: kinit(v5): No credentials cache found when initializing cache Output of klist: > klist klist: No credentials cache found (ticket cache FILE:) Kerberos 4 ticket cache: /tmp/tktXXXX klist: You have no tickets cached Any ideas ? ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos ********************************************************************* Disclaimer: The information in this e-mail and any attachments is confidential / privileged. It is intended solely for the addressee or addressees. If you are not the addressee indicated in this message, you may not copy or deliver this message to anyone. In such case, you should destroy this message and kindly notify the sender by reply email. Please advise immediately if you or your employer does not consent to Internet email for messages of this kind. ********************************************************************* ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
