[19695] in Kerberos
Re: SSH as root with different principal
daemon@ATHENA.MIT.EDU (Vladimir Terziev)
Thu Jul 31 04:49:51 2003
Date: Thu, 31 Jul 2003 11:48:46 +0300
From: Vladimir Terziev <vladimir.terziev@sun-fish.com>
To: kerberos@mit.edu
Message-Id: <20030731114846.662d6da4.vlady@sun-fish.com>
In-Reply-To: <Pine.LNX.4.56.0307310924121.10625@x.opf.slu.cz>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Please supply the full debug output from `ssh -v' and I'll try to figure out the problem.
Vlady
On Thu, 31 Jul 2003 09:37:29 +0200 (CEST)
Lukas Kubin <kubin@opf.slu.cz> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I tried it but it didn't work. I have
>
> 1. created .k5login file in the root's home at remote server and put
> myrealusernam@MYREALM there
> 2. used the command "ssh -v root@theremoteserver"
>
> But the server still wants me to authenticate using public key or password
> only. This is part of what it returned with the "-v" option:
>
> ==========
> debug1: Authentications that can continue:
> external-keyx,gssapi,publickey,password,keyboard-interactive
> debug1: Next authentication method: external-keyx
> debug1: Authentications that can continue:
> external-keyx,gssapi,publickey,password,keyboard-interactive
> debug1: Next authentication method: gssapi
> debug1: Authentications that can continue:
> external-keyx,gssapi,publickey,password,keyboard-interactive
> debug1: Authentications that can continue:
> external-keyx,gssapi,publickey,password,keyboard-interactive
> debug1: Next authentication method: publickey
> ==========
>
> Both server and client are Debian Linux with kerberized OpenSSH (from the
> supplied package).
> What should I try next to make it work?
> Thank you.
>
> lukas
>
> On Wed, 30 Jul 2003, Steve Langasek wrote:
>
> > On Wed, Jul 30, 2003 at 04:00:28PM +0200, Lukas Kubin wrote:
> >
> > > How can I login through SSH to administer a remote server? I mean, I have
> > > a principal, say "user" and need to authenticate using kerberized SSH to
> > > become root on the remote server.
> > > Thank you.
> >
> > If using gssapi or krb5 authentication, you would add that principal to
> > root's .k5login file; acquire a TGT for that user; and run
> > 'ssh root@server' or 'ssh -l root server'. This will grant you
> > Kerberos-based access to the root account.
> >
> > --
> > Steve Langasek
> > postmodern programmer
> >
> >
>
> - --
> Lukas Kubin
>
> phone: +420596398285
> email: kubin@opf.slu.cz
>
> Information centre
> The School of Business Administration in Karvina
> Silesian University in Opava
> Czech Republic
> http://www.opf.slu.cz
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (GNU/Linux)
> Comment: Made with pgp4pine 1.75-6
>
> iD8DBQE/KMc/hukdIiZrwu4RAsoAAJ9c2ECgX0L+gobc+mfESo8Y1K6YjwCgigGu
> 1zdOgKB73w3pXr5yeLvhkjc=
> =uLna
> -----END PGP SIGNATURE-----
>
>
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
