Saturday, July 26, 2008

linux:ssh:kerberos

Installing proper kereros and connecting with fermilab by ssh are always a bit tricky. Sometimes it needs old version openssh, sometimes it needs more... I don't know. One guy from Fermilab has a post talking about his experience based on ubuntu:

http://ubuntuforums.org/showthread.php?t=486284

I didn't follow his steps (since I just installed a new system, I need to install what I need). The basic idea is:

  • install openssh (I installed newest one)
  • install krb5
  • sudo apt-get install krb5-user
  • copy configure file (/etc/krb5.conf) from any computer of fermilab to your local computer (in the same location)
then you could connect !

Although you could connect, please make sure you have right parameters both in ssh_config and sshd_config due to Fermilab security policy. I have a problem with it (once log in to one computer of clued0, I type klist, nothing found). I got the solution from kerberos-users of fnal:
===
Make sure your SSH client configuration in ssh_config (usually in /etc/ssh/)
contains the lines

GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes
===

No comments:

Locations of visitors to this page