3
爲什麼我不能使用Cygwin ssh到具有Kerberos票證的主機? 這裏是我的配置:使用Cygwin無法使用GSSAPI(Kerberos身份驗證方法)ssh?
$ cat .ssh/config
Host *
GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes
這是我得到的SSH的嘗試:
$ ssh -v [email protected]
OpenSSH_3.5p1f3, SSH protocols 1.5/2.0, OpenSSL 0x0090702f
2420: debug1: Reading configuration data /home/user/.ssh/config
2420: debug1: Rhosts Authentication disabled, originating port will not be trusted.
2420: debug1: ssh_connect: needpriv 0
2420: debug1: Connecting to host.net [xx.xx.xx.xx] port 22.
2420: debug1: Connection established.
2420: debug1: identity file /home/atanasdichev/.ssh/identity type -1
2420: debug1: identity file /home/atanasdichev/.ssh/id_rsa type -1
2420: debug1: identity file /home/atanasdichev/.ssh/id_dsa type -1
2420: debug1: Remote protocol version 2.0, remote software version OpenSSH_5.4p1 FreeBSD-20100308
2420: debug1: match: OpenSSH_5.4p1 FreeBSD-20100308 pat OpenSSH*
2420: debug1: Enabling compatibility mode for protocol 2.0
2420: debug1: Local version string SSH-2.0-OpenSSH_3.5p1f3
2420: debug1: Miscellaneous failure
2420: debug1: Program lacks support for encryption type
2420: debug1: SSH2_MSG_KEXINIT sent
2420: debug1: SSH2_MSG_KEXINIT received
2420: debug1: kex: server->client aes128-cbc hmac-md5 none
2420: debug1: kex: client->server aes128-cbc hmac-md5 none
2420: debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
2420: debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
2420: debug1: dh_gen_key: priv key bits set: 119/256
2420: debug1: bits set: 1028/2048
2420: debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
2420: debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
2420: debug1: Host 'host.net' is known and matches the RSA host key.
2420: debug1: Found key in /home/user/.ssh/known_hosts:1
2420: debug1: bits set: 1000/2048
2420: debug1: ssh_rsa_verify: signature correct
2420: debug1: kex_derive_keys
2420: debug1: newkeys: mode 1
2420: debug1: SSH2_MSG_NEWKEYS sent
2420: debug1: waiting for SSH2_MSG_NEWKEYS
2420: debug1: newkeys: mode 0
2420: debug1: SSH2_MSG_NEWKEYS received
2420: debug1: done: ssh_kex2.
2420: debug1: send SSH2_MSG_SERVICE_REQUEST
2420: debug1: service_accept: ssh-userauth
2420: debug1: got SSH2_MSG_SERVICE_ACCEPT
------------- WARNING -------------
THIS IS A PRIVATE COMPUTER SYSTEM.
-----------------------------------
This computer system including all related equipment,
network devices (specifically including Internet access),
are provided only for authorized use. All computer systems
may be monitored for all lawful purposes, including to
ensure that their use is authorized, for management of the
system, to facilitate protection against unauthorized
access, and to verify security procedures, survivability and
operational security. Monitoring includes active attacks by
authorized personnel and their entities to test or verify
the security of the system. During monitoring, information
may be examined, recorded, copied and used for authorized
purposes. All information including personal information,
placed on or sent over this system may be monitored. Uses of
this system, authorized or unauthorized, constitutes consent
to monitoring of this system. Unauthorized use may subject
you to criminal prosecution. Evidence of any such
unauthorized use collected during monitoring may be used for
administrative, criminal or other adverse action. Use of
this system constitutes consent to monitoring for these
purposes.
2420: debug1: authentications that can continue: publickey,gssapi-with-mic
2420: debug1: next auth method to try is publickey
2420: debug1: try privkey: /home/user/.ssh/identity
2420: debug1: try privkey: /home/user/.ssh/id_rsa
2420: debug1: try privkey: /home/user/.ssh/id_dsa
2420: debug1: no more auth methods to try
2420: Permission denied (publickey,gssapi-with-mic).
2420: debug1: Calling cleanup 0x41c5a0(0x0)
好像我從來沒有嘗試GSSAPI與 - 麥克風身份驗證方法 這是爲什麼?我需要在krb5.conf文件中指定什麼? 謝謝