Topic "kerberos"

Author Message
tmpsa

Guest


Just in case you run out of features to add: Very Happy
Kerberos 5 would be cool, too.
Advertisements
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25034
Location: Prague, Czechia
I'll propagate your request to author of Kerberos code.
_________________
Martin Prikryl
v_t_m
[View user's profile]

Joined: 2004-03-24
Posts: 2
Currently I'am working on SSPI authentication for PuTTY. I will probably use a patch from Certified Security Solutions (<invalid hyperlink removed by admin>).
As this patch includes Kerberos autehtication for SSH1, maybe I will include this feature, too.
Werdhi
[View user's profile]

Joined: 2004-04-06
Posts: 12
Pardon my ignorance Confused ... I use Keberos Authentication (MIT Leash Version 2.6.3.20040525) for obtaining a Kerberos ticket which both my e-mail programs then can use to log me into the server securely (I use Mulberry and Eudora). When I set up WinSCP to "Attempt MIT Kerberos 5 GSSAPI Authentication," I still get prompted for a password and the ticket I've already obtained is not used.

What am I doing wrong Question

Thanks!
_________________
Windows XP Home (SP II)
PIV 2.4 Ghz
1 GB RAM
56k Dial-up
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25034
Location: Prague, Czechia
Werdhi wrote:
Pardon my ignorance Confused ... I use Keberos Authentication (MIT Leash Version 2.6.3.20040525) for obtaining a Kerberos ticket which both my e-mail programs then can use to log me into the server securely (I use Mulberry and Eudora). When I set up WinSCP to "Attempt MIT Kerberos 5 GSSAPI Authentication," I still get prompted for a password and the ticket I've already obtained is not used.

Can you post a log file?
_________________
Martin Prikryl
Werdhi
[View user's profile]

Joined: 2004-04-06
Posts: 12
Here is the log file from start-up to closing the connection (I've edited some of the data to obscure the actual user names/IP addresses). As you can see, it does prompt me for a password even though I've already got a Kerberos 5 ticket.

Thanks for your help.

--------------------------------------------------------------------------
. WinSCP Version 3.7.2 (Build 262) (OS 5.1.2600 Service Pack 2)
. Login time: Monday, February 07, 2005 12:26:16 PM
. --------------------------------------------------------------------------
. Session name: *Werdhi's IFS Space - Kerberized
. Host name: login.***.edu (Port: 22)
. User name: werdhi (Password: No, Key file: No)
. Transfer Protocol: SFTP (SCP)
. SSH protocol version: 2; Compression: No
. Agent forwarding: No; TIS/CryptoCard: No; KI: Yes; GSSAPI: Yes
. Ciphers: aes,blowfish,3des,WARN,des; Ssh2DES: No
. Ping type: -, Ping interval: 30 sec; Timeout: 15 sec
. SSH Bugs: -,-,-,-,-,-,-,-
. SFTP Bugs: -,-
. Proxy: none
. Return code variable: Autodetect; Lookup user groups: Yes
. Shell: default, EOL: 0
. Local directory: default, Remote directory: home, Update: No, Cache: Yes
. Cache directory changes: Yes, Permanent: Yes
. Clear aliases: Yes, Unset nat.vars: Yes, Resolve symlinks: Yes
. Alias LS: No, Ign LS warn: Yes, Scp1 Comp: No
. --------------------------------------------------------------------------
. Looking up host "login.***.edu"
. Connecting to ***.211.2.206 port 22
. Server version: SSH-1.99-OpenSSH_3.4p1
. We claim version: SSH-2.0-WinSCP_release_3.7.2
. Using SSH protocol version 2
. Doing Diffie-Hellman group exchange
. Doing Diffie-Hellman key exchange
. Host key fingerprint is:
. ssh-rsa 1024 10:4a:ec:d2:f1:38:f7:ea:0a:a0:0f:17:57:ea:a6:16
. Initialised AES-256 client->server encryption
. Initialised HMAC-SHA1 client->server MAC algorithm
. Initialised AES-256 server->client encryption
. Initialised HMAC-SHA1 server->client MAC algorithm
! Using username "werdhi".
. Session password prompt (werdhi@login.***.edu's password: )
. Asking user for password.
. Sent password
. Access granted
. Opened channel for session
. Started a shell/command
. --------------------------------------------------------------------------
. Using SFTP protocol.
. Doing startup conversation with host.
> Type: SSH_FXP_INIT, Size: 5, Number: -1
< Type: SSH_FXP_VERSION, Size: 5, Number: -1
. SFTP version 3 negotiated.
> Type: SSH_FXP_EXTENDED, Size: 38, Number: 200
< Type: SSH_FXP_STATUS, Size: 38, Number: 200
< Status/error code: 8
. Server does not recognise WinSCP.
. Getting current directory name.
. Getting real path for '.'
> Type: SSH_FXP_REALPATH, Size: 10, Number: 528
< Type: SSH_FXP_NAME, Size: 79, Number: 528
. Real path is '/afs/***.edu/user/***'
. Listing directory "/afs/***.edu/user/***".
> Type: SSH_FXP_OPENDIR, Size: 38, Number: 779
< Type: SSH_FXP_HANDLE, Size: 13, Number: 779
> Type: SSH_FXP_READDIR, Size: 13, Number: 1036
< Type: SSH_FXP_NAME, Size: 7169, Number: 1036
> Type: SSH_FXP_READDIR, Size: 13, Number: 1292
. Reading symlink ".cshrc".
> Type: SSH_FXP_READLINK, Size: 45, Number: 1555
> Type: SSH_FXP_STAT, Size: 45, Number: 1809
< Type: SSH_FXP_STATUS, Size: 28, Number: 1292
. Storing reserved response
< Type: SSH_FXP_NAME, Size: 47, Number: 1555
< Type: SSH_FXP_ATTRS, Size: 37, Number: 1809
. Reading symlink ".login".
> Type: SSH_FXP_READLINK, Size: 45, Number: 2067
> Type: SSH_FXP_STAT, Size: 45, Number: 2321
< Type: SSH_FXP_NAME, Size: 47, Number: 2067
< Type: SSH_FXP_ATTRS, Size: 37, Number: 2321
. Reading symlink ".logout".
> Type: SSH_FXP_READLINK, Size: 46, Number: 2579
> Type: SSH_FXP_STAT, Size: 46, Number: 2833
< Type: SSH_FXP_NAME, Size: 49, Number: 2579
< Type: SSH_FXP_ATTRS, Size: 37, Number: 2833
. Reading symlink ".mwmrc".
> Type: SSH_FXP_READLINK, Size: 45, Number: 3091
> Type: SSH_FXP_STAT, Size: 45, Number: 3345
< Type: SSH_FXP_NAME, Size: 47, Number: 3091
< Type: SSH_FXP_ATTRS, Size: 37, Number: 3345
. Reading symlink ".principals".
> Type: SSH_FXP_READLINK, Size: 50, Number: 3603
> Type: SSH_FXP_STAT, Size: 50, Number: 3857
< Type: SSH_FXP_NAME, Size: 57, Number: 3603
< Type: SSH_FXP_ATTRS, Size: 37, Number: 3857
. Reading symlink ".profile".
> Type: SSH_FXP_READLINK, Size: 47, Number: 4115
> Type: SSH_FXP_STAT, Size: 47, Number: 4369
< Type: SSH_FXP_NAME, Size: 51, Number: 4115
< Type: SSH_FXP_ATTRS, Size: 37, Number: 4369
. Reading symlink ".termsetup".
> Type: SSH_FXP_READLINK, Size: 49, Number: 4627
> Type: SSH_FXP_STAT, Size: 49, Number: 4881
< Type: SSH_FXP_NAME, Size: 55, Number: 4627
< Type: SSH_FXP_ATTRS, Size: 37, Number: 4881
. Reading symlink ".tvtwmrc".
> Type: SSH_FXP_READLINK, Size: 47, Number: 5139
> Type: SSH_FXP_STAT, Size: 47, Number: 5393
< Type: SSH_FXP_NAME, Size: 51, Number: 5139
< Type: SSH_FXP_ATTRS, Size: 37, Number: 5393
. Reading symlink ".twmrc".
> Type: SSH_FXP_READLINK, Size: 45, Number: 5651
> Type: SSH_FXP_STAT, Size: 45, Number: 5905
< Type: SSH_FXP_NAME, Size: 47, Number: 5651
< Type: SSH_FXP_ATTRS, Size: 37, Number: 5905
. Reading symlink ".xpattern".
> Type: SSH_FXP_READLINK, Size: 48, Number: 6163
> Type: SSH_FXP_STAT, Size: 48, Number: 6417
< Type: SSH_FXP_NAME, Size: 53, Number: 6163
< Type: SSH_FXP_ATTRS, Size: 37, Number: 6417
. Reading symlink ".xresources".
> Type: SSH_FXP_READLINK, Size: 50, Number: 6675
> Type: SSH_FXP_STAT, Size: 50, Number: 6929
< Type: SSH_FXP_NAME, Size: 57, Number: 6675
< Type: SSH_FXP_ATTRS, Size: 37, Number: 6929
. Reading symlink ".zephyr.subs".
> Type: SSH_FXP_READLINK, Size: 51, Number: 7187
> Type: SSH_FXP_STAT, Size: 51, Number: 7441
< Type: SSH_FXP_NAME, Size: 59, Number: 7187
< Type: SSH_FXP_ATTRS, Size: 37, Number: 7441
. Reading symlink ".zephyr.vars".
> Type: SSH_FXP_READLINK, Size: 51, Number: 7699
> Type: SSH_FXP_STAT, Size: 51, Number: 7953
< Type: SSH_FXP_NAME, Size: 59, Number: 7699
< Type: SSH_FXP_ATTRS, Size: 37, Number: 7953
. Reading symlink ".xsession".
> Type: SSH_FXP_READLINK, Size: 48, Number: 8211
> Type: SSH_FXP_STAT, Size: 48, Number: 8465
< Type: SSH_FXP_NAME, Size: 53, Number: 8211
< Type: SSH_FXP_ATTRS, Size: 37, Number: 8465
< Status/error code: 1
> Type: SSH_FXP_CLOSE, Size: 13, Number: 8708
. Startup conversation with host finished.
. Closing connection.
_________________
Windows XP Home (SP II)
PIV 2.4 Ghz
1 GB RAM
56k Dial-up
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25034
Location: Prague, Czechia
Werdhi wrote:
Here is the log file from start-up to closing the connection (I've edited some of the data to obscure the actual user names/IP addresses). As you can see, it does prompt me for a password even though I've already got a Kerberos 5 ticket.

I does not looks like your SSH server supportes GSSAPI (Kerberos). Are you sure it does? Are you able to login to it using Kerberos with any other SSH client? Which one?
_________________
Martin Prikryl
Werdhi
[View user's profile]

Joined: 2004-04-06
Posts: 12
Hmm ... I do use Kerberos for POP3 and IMAP e-mail with the University's server but I don't know enough to know whether I'm dealing with a whole different matter when using SFTP. I don't use any other SSH Client. I'll have to check with the IT folks to see if they have an idea regarding this. It may be that I cannot use Kerberos to upload/download to the AFS.

I'll get back to you.

Thank you,

werdhi
_________________
Windows XP Home (SP II)
PIV 2.4 Ghz
1 GB RAM
56k Dial-up
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25034
Location: Prague, Czechia
Werdhi wrote:
Hmm ... I do use Kerberos for POP3 and IMAP e-mail with the University's server but I don't know enough to know whether I'm dealing with a whole different matter when using SFTP. I don't use any other SSH Client. I'll have to check with the IT folks to see if they have an idea regarding this. It may be that I cannot use Kerberos to upload/download to the AFS.

AFAIK, OpenSSH does not support Kerberos by default. However there are some patches on Internet.
_________________
Martin Prikryl
Advertisements

You can post new topics in this forum






Search Site

What is WinSCP?

It is award-winning SFTP client, SCP client, FTPS client and FTP client integrated into one software program for file transfer to FTP server or secure SFTP server. [More]

And it's free!

Donate

About donations

$9   $19   $49   $99

About donations

Recommend

WinSCP Privacy Policy

WinSCP License