I'm trying to get kerberized ssh going for my Debian Sarge system. Kerberized telnet works fine. When I try to log in with ssh:
[EMAIL PROTECTED]:~/.ssh$ klist Ticket cache: FILE:/tmp/krb5cc_p1116 Default principal: [EMAIL PROTECTED] Valid starting Expires Service principal 10/22/04 15:58:24 10/23/04 01:58:24 krbtgt/[EMAIL PROTECTED] 10/22/04 15:58:30 10/23/04 01:58:24 host/[EMAIL PROTECTED] 10/22/04 16:43:50 10/23/04 01:58:24 host/[EMAIL PROTECTED] Kerberos 4 ticket cache: /tmp/tkt_1 Principal: [EMAIL PROTECTED] Issued Expires Principal 10/22/04 15:50:20 10/22/04 23:30:20 [EMAIL PROTECTED] [EMAIL PROTECTED]:~/.ssh$ ssh helmsley Read from remote host helmsley: Connection reset by peer Connection to helmsley closed. And on the server side: helmsley:~# sshd -d debug1: sshd version OpenSSH_3.6.1p2 Debian_krb5 3.6.1p2-6 Debian_krb5 3.6.1p2-6 debug1: read PEM private key done: type RSA debug1: private host key: #0 type 1 RSA debug1: read PEM private key done: type DSA debug1: private host key: #1 type 2 DSA socket: Address family not supported by protocol debug1: Bind to port 22 on 0.0.0.0. Server listening on 0.0.0.0 port 22. debug1: Server will not fork when running in debugging mode. Connection from 192.168.0.13 port 32804 debug1: Client protocol version 2.0; client software version OpenSSH_3.6.1p2 Debian_krb5 3.6.1p2-6 Debian_krb5 3.6.1p2-6 debug1: match: OpenSSH_3.6.1p2 Debian_krb5 3.6.1p2-6 Debian_krb5 3.6.1p2-6 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2 Debian_krb5 3.6.1p2-6 Debian_krb5 3.6.1p2-6 debug1: permanently_set_uid: 100/65534 debug1: list_hostkey_types: ssh-rsa,ssh-dss debug1: GSSAPI mechanism Kerberos (gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==) supported debug1: GSSAPI mechanism Kerberos (gss-group1-sha1-Se3H81ismmOC3OE+FwYCiQ==) supported debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: client->server aes128-cbc hmac-md5 none debug1: kex: server->client aes128-cbc hmac-md5 none debug1: using GSSAPI mechanism Kerberos (gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==) debug1: Wait SSH2_MSG_GSSAPI_INIT debug1: Got no client credentials debug1: gss_complete debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: KEX done debug1: userauth-request for user wchow service ssh-connection method none debug1: attempt 0 failures 0 debug1: Starting up PAM with username "wchow" Failed none for wchow from 192.168.0.13 port 32804 ssh2 debug1: userauth-request for user wchow service ssh-connection method external-keyx debug1: attempt 1 failures 1 debug1: PAM setting rhost to "helmsley.dev.in.athenacr.com" Authorized to wchow, krb5 principal [EMAIL PROTECTED] (krb5_kuserok) Accepted external-keyx for wchow from 192.168.0.13 port 32804 ssh2 PAM rejected by account configuration[9]: Authentication service cannot retrieve authentication info. debug1: PAM establishing creds Failed gssapi for wchow from 192.168.0.13 port 32804 ssh2 monitor_read: unsupported request: 38 debug1: Calling cleanup 0x8067710(0x0) I don't know how to read any of this output, so some clues would be greatly appreciated... Thanks, Wes -- http://www.woahnelly.net/~wes/ OpenPGP key = 0xA5CA6644 fingerprint = FDE5 21D8 9D8B 386F 128F DF52 3F52 D582 A5CA 6644 ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
