[30302] in Kerberos
Re: SSH with Kerberos from Windows XP
daemon@ATHENA.MIT.EDU (Douglas E. Engert)
Mon Sep 15 12:09:05 2008
Message-ID: <48CE87E2.5090709@anl.gov>
Date: Mon, 15 Sep 2008 11:05:54 -0500
From: "Douglas E. Engert" <deengert@anl.gov>
MIME-Version: 1.0
To: =?UTF-8?B?TWFudGFzIE1pa3VsxJduYXM=?=
<grawity+at+cluenet.org@gmail.com>
In-Reply-To: <gaedm6$g05$1@registered.motzarella.org>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
Mantas Mikulėnas wrote:> Hello everyone. I'm new here, so please don't hurt me.> > I want to use Kerberos authentication when SSHing from a home Windows XP> machine to a remote network. How do I configure my PC?> > <setup>> > Client PC:> * Microsoft Windows XP Pro SP3> * stand-alone home PC (domain = False)> * I have the install CD> > User:> * I'd prefer to use Microsoft's Kerberos if such a thing exists
Yes and No. It is normally used only when the machine is joinedto an AD domain, and the user logins in to the domain. Thisalso implies AD is providing authorization data.
But you could use the Windows ksetup command to set the nameof the realm, and locations of the KDCs. Then use the Windowsrunas command to get a TGT usable only in the cmd.exe
runas /netonly /user:user@REALM cmd.exe
It will prompt for the Kerberos password. The TGT(You may need other parameters too.)you can then use the Windows klist command from this windowto see the tickets, and start the Quest PuTTY. The PuTTY willuse "SSPI" i.e. Windows GSSAPI to autheticate to a sshdwith GSSAPI.
cd \Program Files\Quest Software\PuTTY putty.exe -load my.host.profile
> (MIT Kerberos has a stupid interface)
A lot easier then what I just described above...
> * I use PuTTY for SSH> * I have the QuestPuTTY mod> * I like command-line> * I don't like Cygwin> > Server:> * Heimdal Kerberos> * Debian Linux> * I know the realm and KDC server address> > </setup>> > </noob>>
--
Douglas E. Engert <DEEngert@anl.gov> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444________________________________________________Kerberos mailing list Kerberos@mit.eduhttps://mailman.mit.edu/mailman/listinfo/kerberos