ssh GSSAPI Authentication
Consider also connecting with ssh public key authentication.
In this example, you will be connecting from your local machine foo to neptune, one of the CAL shell servers. The example assumes your CAL username is qux. We also assume that:
- the kerberos5 libraries are installed on
foo, (not sure if you have them?) and foo's version of ssh is compiled with GSSAPI support.(not sure if this is the case?)foois plugged into the network in Pupin Hall (GSSAPI authentication will not work outside of Pupin).
Start by initializing your kerberos principal for the CAL network (note: if you are logged into one of the standard CAL Configured Workstations, this step is unnecessary):
user@foo ~$ kinit qux@ASTRO.COLUMBIA.EDU
If you get an error like:
kinit(v5): Cannot find KDC for requested realm while getting initial credentials
The krb5 libraries on foo are probably not properly configured. try reconfiguring them
Now, you can try connecting with:
user@foo ~$ ssh -oGSSAPIAuthentication=yes saturn.astro.columbia.edu
If this connection is successful, you may want to consider permanently enabling GSSAPI authentication to this server. You can do that by adding a stanza to your ~/.ssh/config:
Host saturn.astro.columbia.edu GSSAPIAuthentication yes
Last modified
20 years ago
Last modified on 08/26/06 12:07:54
Note:
See TracWiki
for help on using the wiki.
