Dear OpenSSH types,
I am trying to use a Windows AD KDC to authenticate gssapi-with-mic
connections between Linux clients. The problem is I get an error from
the ssh server: "Encryption type not permitted" Can anyone tell me
what it's objecting to, or what encryption types are permitted?
I'm using sshd: OpenSSH_4.1p1 and client: OpenSSH_3.9p1, OpenSSL
0.9.7e 25 Oct 2004
I have enabled GSSAPIAuthentication on the server and installed /etc/
krb5.keytab with the key:
KVNO Principal
----
------------------------------------------------------------------------
--
4 host/[EMAIL PROTECTED] (DES cbc mode with
RSA-MD5)
On the client I have these credentials:
Default principal: [EMAIL PROTECTED]
Valid starting Expires Service principal
03/13/06 15:55:51 03/14/06 01:55:55 krbtgt/
[EMAIL PROTECTED]
renew until 03/14/06 15:55:51, Etype (skey, tkt): ArcFour
with HMAC/md5, ArcFour with HMAC/md5
03/13/06 15:56:17 03/14/06 01:55:55 host/
[EMAIL PROTECTED]
renew until 03/14/06 15:55:51, Etype (skey, tkt): DES cbc
mode with CRC-32, DES cbc mode with RSA-MD5
Kerberos 4 ticket cache: /tmp/tkt1696
When I try the connection I get this output from sshd:
debug1: userauth-request for user ig206 service ssh-connection method
none
debug1: attempt 0 failures 0
debug1: PAM: initializing for "ig206"
Failed none for ig206 from 128.232.8.60 port 12372 ssh2
debug1: PAM: setting PAM_RHOST to "fenton.cl.cam.ac.uk"
debug1: PAM: setting PAM_TTY to "ssh"
debug1: userauth-request for user ig206 service ssh-connection method
gssapi
h-mic
debug1: attempt 1 failures 1
Postponed gssapi-with-mic for ig206 from 128.232.8.60 port 12372 ssh2
debug1: Miscellaneous failure
Encryption type not permitted
debug1: Got no client credentials
Failed gssapi-with-mic for ig206 from 128.232.8.60 port 12372 ssh2
debug1: userauth-request for user ig206 service ssh-connection method
gssapi
h-mic
debug1: attempt 2 failures 2
Failed gssapi-with-mic for ig206 from 128.232.8.60 port 12372 ssh2
