Topic review

martin

AFAIK, OpenSSH does not support Kerberos by default. However, there are some patches on the Internet.
Werdhi

Hmm ... I do use Kerberos for POP3 and IMAP e-mail with the University's server but I don't know enough to know whether I'm dealing with a whole different matter when using SFTP. I don't use any other SSH Client. I'll have to check with the IT folks to see if they have an idea regarding this. It may be that I cannot use Kerberos to upload/download to the AFS.

I'll get back to you.

Thank you,

werdhi
martin

Re: Log File

Werdhi wrote:

Here is the log file from start-up to closing the connection (I've edited some of the data to obscure the actual user names/IP addresses). As you can see, it does prompt me for a password even though I've already got a Kerberos 5 ticket.

It does not look like your SSH server supports GSSAPI (Kerberos). Are you sure it does? Are you able to log in to it using Kerberos with any other SSH client? Which one?
Werdhi

Log File

Here is the log file from start-up to closing the connection (I've edited some of the data to obscure the actual user names/IP addresses). As you can see, it does prompt me for a password even though I've already got a Kerberos 5 ticket.

Thanks for your help.
--------------------------------------------------------------------------
. WinSCP Version 3.7.2 (Build 262) (OS 5.1.2600 Service Pack 2)
. Login time: Monday, February 07, 2005 12:26:16 PM
. --------------------------------------------------------------------------
. Session name: *Werdhi's IFS Space - Kerberized
. Host name: login.***.edu (Port: 22)
. User name: werdhi (Password: No, Key file: No)
. Transfer Protocol: SFTP (SCP)
. SSH protocol version: 2; Compression: No
. Agent forwarding: No; TIS/CryptoCard: No; KI: Yes; GSSAPI: Yes
. Ciphers: aes,blowfish,3des,WARN,des; Ssh2DES: No
. Ping type: -, Ping interval: 30 sec; Timeout: 15 sec
. SSH Bugs: -,-,-,-,-,-,-,-
. SFTP Bugs: -,-
. Proxy: none
. Return code variable: Autodetect; Lookup user groups: Yes
. Shell: default, EOL: 0
. Local directory: default, Remote directory: home, Update: No, Cache: Yes
. Cache directory changes: Yes, Permanent: Yes
. Clear aliases: Yes, Unset nat.vars: Yes, Resolve symlinks: Yes
. Alias LS: No, Ign LS warn: Yes, Scp1 Comp: No
. --------------------------------------------------------------------------
. Looking up host "login.***.edu"
. Connecting to ***.211.2.206 port 22
. Server version: SSH-1.99-OpenSSH_3.4p1
. We claim version: SSH-2.0-WinSCP_release_3.7.2
. Using SSH protocol version 2
. Doing Diffie-Hellman group exchange
. Doing Diffie-Hellman key exchange
. Host key fingerprint is:
. ssh-rsa 1024 10:4a:ec:d2:f1:38:f7:ea:0a:a0:0f:17:57:ea:a6:16
. Initialised AES-256 client->server encryption
. Initialised HMAC-SHA1 client->server MAC algorithm
. Initialised AES-256 server->client encryption
. Initialised HMAC-SHA1 server->client MAC algorithm
! Using username "werdhi".
. Session password prompt (werdhi@login.***.edu's password: )
. Asking user for password.
. Sent password
. Access granted
. Opened channel for session
. Started a shell/command
. --------------------------------------------------------------------------
. Using SFTP protocol.
. Doing startup conversation with host.
> Type: SSH_FXP_INIT, Size: 5, Number: -1
< Type: SSH_FXP_VERSION, Size: 5, Number: -1
. SFTP version 3 negotiated.
> Type: SSH_FXP_EXTENDED, Size: 38, Number: 200
< Type: SSH_FXP_STATUS, Size: 38, Number: 200
< Status/error code: 8
. Server does not recognise WinSCP.
. Getting current directory name.
. Getting real path for '.'
> Type: SSH_FXP_REALPATH, Size: 10, Number: 528
< Type: SSH_FXP_NAME, Size: 79, Number: 528
. Real path is '/afs/***.edu/user/***'
. Listing directory "/afs/***.edu/user/***".
> Type: SSH_FXP_OPENDIR, Size: 38, Number: 779
< Type: SSH_FXP_HANDLE, Size: 13, Number: 779
> Type: SSH_FXP_READDIR, Size: 13, Number: 1036
< Type: SSH_FXP_NAME, Size: 7169, Number: 1036
> Type: SSH_FXP_READDIR, Size: 13, Number: 1292
. Reading symlink ".cshrc".
> Type: SSH_FXP_READLINK, Size: 45, Number: 1555
> Type: SSH_FXP_STAT, Size: 45, Number: 1809
< Type: SSH_FXP_STATUS, Size: 28, Number: 1292
. Storing reserved response
< Type: SSH_FXP_NAME, Size: 47, Number: 1555
< Type: SSH_FXP_ATTRS, Size: 37, Number: 1809
. Reading symlink ".login".
> Type: SSH_FXP_READLINK, Size: 45, Number: 2067
> Type: SSH_FXP_STAT, Size: 45, Number: 2321
< Type: SSH_FXP_NAME, Size: 47, Number: 2067
< Type: SSH_FXP_ATTRS, Size: 37, Number: 2321
. Reading symlink ".logout".
> Type: SSH_FXP_READLINK, Size: 46, Number: 2579
> Type: SSH_FXP_STAT, Size: 46, Number: 2833
< Type: SSH_FXP_NAME, Size: 49, Number: 2579
< Type: SSH_FXP_ATTRS, Size: 37, Number: 2833
. Reading symlink ".mwmrc".
> Type: SSH_FXP_READLINK, Size: 45, Number: 3091
> Type: SSH_FXP_STAT, Size: 45, Number: 3345
< Type: SSH_FXP_NAME, Size: 47, Number: 3091
< Type: SSH_FXP_ATTRS, Size: 37, Number: 3345
. Reading symlink ".principals".
> Type: SSH_FXP_READLINK, Size: 50, Number: 3603
> Type: SSH_FXP_STAT, Size: 50, Number: 3857
< Type: SSH_FXP_NAME, Size: 57, Number: 3603
< Type: SSH_FXP_ATTRS, Size: 37, Number: 3857
. Reading symlink ".profile".
> Type: SSH_FXP_READLINK, Size: 47, Number: 4115
> Type: SSH_FXP_STAT, Size: 47, Number: 4369
< Type: SSH_FXP_NAME, Size: 51, Number: 4115
< Type: SSH_FXP_ATTRS, Size: 37, Number: 4369
. Reading symlink ".termsetup".
> Type: SSH_FXP_READLINK, Size: 49, Number: 4627
> Type: SSH_FXP_STAT, Size: 49, Number: 4881
< Type: SSH_FXP_NAME, Size: 55, Number: 4627
< Type: SSH_FXP_ATTRS, Size: 37, Number: 4881
. Reading symlink ".tvtwmrc".
> Type: SSH_FXP_READLINK, Size: 47, Number: 5139
> Type: SSH_FXP_STAT, Size: 47, Number: 5393
< Type: SSH_FXP_NAME, Size: 51, Number: 5139
< Type: SSH_FXP_ATTRS, Size: 37, Number: 5393
. Reading symlink ".twmrc".
> Type: SSH_FXP_READLINK, Size: 45, Number: 5651
> Type: SSH_FXP_STAT, Size: 45, Number: 5905
< Type: SSH_FXP_NAME, Size: 47, Number: 5651
< Type: SSH_FXP_ATTRS, Size: 37, Number: 5905
. Reading symlink ".xpattern".
> Type: SSH_FXP_READLINK, Size: 48, Number: 6163
> Type: SSH_FXP_STAT, Size: 48, Number: 6417
< Type: SSH_FXP_NAME, Size: 53, Number: 6163
< Type: SSH_FXP_ATTRS, Size: 37, Number: 6417
. Reading symlink ".xresources".
> Type: SSH_FXP_READLINK, Size: 50, Number: 6675
> Type: SSH_FXP_STAT, Size: 50, Number: 6929
< Type: SSH_FXP_NAME, Size: 57, Number: 6675
< Type: SSH_FXP_ATTRS, Size: 37, Number: 6929
. Reading symlink ".zephyr.subs".
> Type: SSH_FXP_READLINK, Size: 51, Number: 7187
> Type: SSH_FXP_STAT, Size: 51, Number: 7441
< Type: SSH_FXP_NAME, Size: 59, Number: 7187
< Type: SSH_FXP_ATTRS, Size: 37, Number: 7441
. Reading symlink ".zephyr.vars".
> Type: SSH_FXP_READLINK, Size: 51, Number: 7699
> Type: SSH_FXP_STAT, Size: 51, Number: 7953
< Type: SSH_FXP_NAME, Size: 59, Number: 7699
< Type: SSH_FXP_ATTRS, Size: 37, Number: 7953
. Reading symlink ".xsession".
> Type: SSH_FXP_READLINK, Size: 48, Number: 8211
> Type: SSH_FXP_STAT, Size: 48, Number: 8465
< Type: SSH_FXP_NAME, Size: 53, Number: 8211
< Type: SSH_FXP_ATTRS, Size: 37, Number: 8465
< Status/error code: 1
> Type: SSH_FXP_CLOSE, Size: 13, Number: 8708
. Startup conversation with host finished.
. Closing connection.
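
Added example, not part of the original posts: a small Python check that reads a WinSCP session log and reports when GSSAPI was enabled in the client but the session was still opened with a password, as in the log above. The sample lines are excerpted from that log; the function names are hypothetical, and the parser assumes the line wording shown in this WinSCP 3.7.2 log.

```python
import re

# Lines excerpted from the session log posted above (WinSCP 3.7.2 log format).
SAMPLE_LOG = """\
. Agent forwarding: No; TIS/CryptoCard: No; KI: Yes; GSSAPI: Yes
. Server version: SSH-1.99-OpenSSH_3.4p1
. We claim version: SSH-2.0-WinSCP_release_3.7.2
! Using username "werdhi".
. Session password prompt (werdhi@login.***.edu's password: )
. Asking user for password.
. Sent password
. Access granted
"""

MARKERS = (". ", "! ", "> ", "< ")


def summarize_auth(log_text):
    """Collect the client's GSSAPI setting, the server banner and how login ended."""
    info = {"gssapi_enabled": None, "server_version": None,
            "password_sent": False, "granted_after_password": False}
    for raw in log_text.splitlines():
        # Strip the one-character line marker the log puts before each entry.
        line = raw[2:] if raw.startswith(MARKERS) else raw
        setting = re.search(r"\bGSSAPI: (Yes|No)\b", line)
        banner = re.match(r"Server version: (\S+)", line)
        if setting:
            info["gssapi_enabled"] = setting.group(1) == "Yes"
        elif banner:
            info["server_version"] = banner.group(1)
        elif line == "Sent password":
            info["password_sent"] = True
        elif line == "Access granted":
            # Only a grant that follows a sent password counts as password login.
            info["granted_after_password"] = info["password_sent"]
    return info


def fell_back_to_password(info):
    """True when GSSAPI was enabled but the session was opened with a password."""
    return bool(info["gssapi_enabled"]) and info["granted_after_password"]


if __name__ == "__main__":
    result = summarize_auth(SAMPLE_LOG)
    print(result["server_version"], "fallback:", fell_back_to_password(result))
```
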
martin

Re: WinSCP not using Kerberos Tickets

Can you post a log file?
Werdhi

WinSCP not using Kerberos Tickets

Pardon my ignorance :? ... I use Kerberos Authentication (MIT Leash Version 2.6.3.20040525) for obtaining a Kerberos ticket which both my e-mail programs then can use to log me into the server securely (I use Mulberry and Eudora). When I set up WinSCP to "Attempt MIT Kerberos 5 GSSAPI Authentication," I still get prompted for a password and the ticket I've already obtained is not used.

What am I doing wrong :?:

Thanks!
v_t_m

Re: kerberos

Currently I'm working on SSPI authentication for PuTTY. I will probably use a patch from Certified Security Solutions (<invalid hyperlink removed by admin>).
As this patch includes Kerberos authentication for SSH1, maybe I will include this feature, too.
martin

Re: kerberos

I'll propagate your request to the author of the Kerberos code.
tmpsa

kerberos

Just in case you run out of features to add: :D
Kerberos 5 would be cool, too.