kerberos


martin
Site Admin
Posts: 28,317
Location: Prague, Czechia

Re: kerberos

I'll propagate your request to the author of the Kerberos code.
_________________
Martin Prikryl


v_t_m
Posts: 2

Re: kerberos

Currently I'm working on SSPI authentication for PuTTY. I will probably use a patch from Certified Security Solutions (<invalid hyperlink removed by admin>).
As this patch includes Kerberos authentication for SSH1, maybe I will include this feature, too.


Werdhi
Posts: 12

WinSCP not using Kerberos Tickets

Pardon my ignorance :? ... I use Kerberos Authentication (MIT Leash Version 2.6.3.20040525) for obtaining a Kerberos ticket which both my e-mail programs then can use to log me into the server securely (I use Mulberry and Eudora). When I set up WinSCP to "Attempt MIT Kerberos 5 GSSAPI Authentication," I still get prompted for a password and the ticket I've already obtained is not used.

What am I doing wrong :?:

Thanks!
_________________
Windows XP Home (SP II)
PIV 2.4 Ghz
1 GB RAM
56k Dial-up


martin

Re: WinSCP not using Kerberos Tickets

Werdhi wrote:

Pardon my ignorance :? ... I use Kerberos Authentication (MIT Leash Version 2.6.3.20040525) for obtaining a Kerberos ticket which both my e-mail programs then can use to log me into the server securely (I use Mulberry and Eudora). When I set up WinSCP to "Attempt MIT Kerberos 5 GSSAPI Authentication," I still get prompted for a password and the ticket I've already obtained is not used.
Can you post a log file?
_________________
Martin Prikryl


Werdhi

Log File

Here is the log file from start-up to closing the connection (I've edited some of the data to obscure the actual user names/IP addresses). As you can see, it does prompt me for a password even though I've already got a Kerberos 5 ticket.

Thanks for your help.

--------------------------------------------------------------------------
. WinSCP Version 3.7.2 (Build 262) (OS 5.1.2600 Service Pack 2)
. Login time: Monday, February 07, 2005 12:26:16 PM
. --------------------------------------------------------------------------
. Session name: *Werdhi's IFS Space - Kerberized
. Host name: login.***.edu (Port: 22)
. User name: werdhi (Password: No, Key file: No)
. Transfer Protocol: SFTP (SCP)
. SSH protocol version: 2; Compression: No
. Agent forwarding: No; TIS/CryptoCard: No; KI: Yes; GSSAPI: Yes
. Ciphers: aes,blowfish,3des,WARN,des; Ssh2DES: No
. Ping type: -, Ping interval: 30 sec; Timeout: 15 sec
. SSH Bugs: -,-,-,-,-,-,-,-
. SFTP Bugs: -,-
. Proxy: none
. Return code variable: Autodetect; Lookup user groups: Yes
. Shell: default, EOL: 0
. Local directory: default, Remote directory: home, Update: No, Cache: Yes
. Cache directory changes: Yes, Permanent: Yes
. Clear aliases: Yes, Unset nat.vars: Yes, Resolve symlinks: Yes
. Alias LS: No, Ign LS warn: Yes, Scp1 Comp: No
. --------------------------------------------------------------------------
. Looking up host "login.***.edu"
. Connecting to ***.211.2.206 port 22
. Server version: SSH-1.99-OpenSSH_3.4p1
. We claim version: SSH-2.0-WinSCP_release_3.7.2
. Using SSH protocol version 2
. Doing Diffie-Hellman group exchange
. Doing Diffie-Hellman key exchange
. Host key fingerprint is:
. ssh-rsa 1024 10:4a:ec:d2:f1:38:f7:ea:0a:a0:0f:17:57:ea:a6:16
. Initialised AES-256 client->server encryption
. Initialised HMAC-SHA1 client->server MAC algorithm
. Initialised AES-256 server->client encryption
. Initialised HMAC-SHA1 server->client MAC algorithm
! Using username "werdhi".
. Session password prompt (werdhi@login.***.edu's password: )
. Asking user for password.
. Sent password
. Access granted
. Opened channel for session
. Started a shell/command
. --------------------------------------------------------------------------
. Using SFTP protocol.
. Doing startup conversation with host.
> Type: SSH_FXP_INIT, Size: 5, Number: -1
< Type: SSH_FXP_VERSION, Size: 5, Number: -1
. SFTP version 3 negotiated.
> Type: SSH_FXP_EXTENDED, Size: 38, Number: 200
< Type: SSH_FXP_STATUS, Size: 38, Number: 200
< Status/error code: 8
. Server does not recognise WinSCP.
. Getting current directory name.
. Getting real path for '.'
> Type: SSH_FXP_REALPATH, Size: 10, Number: 528
< Type: SSH_FXP_NAME, Size: 79, Number: 528
. Real path is '/afs/***.edu/user/***'
. Listing directory "/afs/***.edu/user/***".
> Type: SSH_FXP_OPENDIR, Size: 38, Number: 779
< Type: SSH_FXP_HANDLE, Size: 13, Number: 779
> Type: SSH_FXP_READDIR, Size: 13, Number: 1036
< Type: SSH_FXP_NAME, Size: 7169, Number: 1036
> Type: SSH_FXP_READDIR, Size: 13, Number: 1292
. Reading symlink ".cshrc".
> Type: SSH_FXP_READLINK, Size: 45, Number: 1555
> Type: SSH_FXP_STAT, Size: 45, Number: 1809
< Type: SSH_FXP_STATUS, Size: 28, Number: 1292
. Storing reserved response
< Type: SSH_FXP_NAME, Size: 47, Number: 1555
< Type: SSH_FXP_ATTRS, Size: 37, Number: 1809
. Reading symlink ".login".
> Type: SSH_FXP_READLINK, Size: 45, Number: 2067
> Type: SSH_FXP_STAT, Size: 45, Number: 2321
< Type: SSH_FXP_NAME, Size: 47, Number: 2067
< Type: SSH_FXP_ATTRS, Size: 37, Number: 2321
. Reading symlink ".logout".
> Type: SSH_FXP_READLINK, Size: 46, Number: 2579
> Type: SSH_FXP_STAT, Size: 46, Number: 2833
< Type: SSH_FXP_NAME, Size: 49, Number: 2579
< Type: SSH_FXP_ATTRS, Size: 37, Number: 2833
. Reading symlink ".mwmrc".
> Type: SSH_FXP_READLINK, Size: 45, Number: 3091
> Type: SSH_FXP_STAT, Size: 45, Number: 3345
< Type: SSH_FXP_NAME, Size: 47, Number: 3091
< Type: SSH_FXP_ATTRS, Size: 37, Number: 3345
. Reading symlink ".principals".
> Type: SSH_FXP_READLINK, Size: 50, Number: 3603
> Type: SSH_FXP_STAT, Size: 50, Number: 3857
< Type: SSH_FXP_NAME, Size: 57, Number: 3603
< Type: SSH_FXP_ATTRS, Size: 37, Number: 3857
. Reading symlink ".profile".
> Type: SSH_FXP_READLINK, Size: 47, Number: 4115
> Type: SSH_FXP_STAT, Size: 47, Number: 4369
< Type: SSH_FXP_NAME, Size: 51, Number: 4115
< Type: SSH_FXP_ATTRS, Size: 37, Number: 4369
. Reading symlink ".termsetup".
> Type: SSH_FXP_READLINK, Size: 49, Number: 4627
> Type: SSH_FXP_STAT, Size: 49, Number: 4881
< Type: SSH_FXP_NAME, Size: 55, Number: 4627
< Type: SSH_FXP_ATTRS, Size: 37, Number: 4881
. Reading symlink ".tvtwmrc".
> Type: SSH_FXP_READLINK, Size: 47, Number: 5139
> Type: SSH_FXP_STAT, Size: 47, Number: 5393
< Type: SSH_FXP_NAME, Size: 51, Number: 5139
< Type: SSH_FXP_ATTRS, Size: 37, Number: 5393
. Reading symlink ".twmrc".
> Type: SSH_FXP_READLINK, Size: 45, Number: 5651
> Type: SSH_FXP_STAT, Size: 45, Number: 5905
< Type: SSH_FXP_NAME, Size: 47, Number: 5651
< Type: SSH_FXP_ATTRS, Size: 37, Number: 5905
. Reading symlink ".xpattern".
> Type: SSH_FXP_READLINK, Size: 48, Number: 6163
> Type: SSH_FXP_STAT, Size: 48, Number: 6417
< Type: SSH_FXP_NAME, Size: 53, Number: 6163
< Type: SSH_FXP_ATTRS, Size: 37, Number: 6417
. Reading symlink ".xresources".
> Type: SSH_FXP_READLINK, Size: 50, Number: 6675
> Type: SSH_FXP_STAT, Size: 50, Number: 6929
< Type: SSH_FXP_NAME, Size: 57, Number: 6675
< Type: SSH_FXP_ATTRS, Size: 37, Number: 6929
. Reading symlink ".zephyr.subs".
> Type: SSH_FXP_READLINK, Size: 51, Number: 7187
> Type: SSH_FXP_STAT, Size: 51, Number: 7441
< Type: SSH_FXP_NAME, Size: 59, Number: 7187
< Type: SSH_FXP_ATTRS, Size: 37, Number: 7441
. Reading symlink ".zephyr.vars".
> Type: SSH_FXP_READLINK, Size: 51, Number: 7699
> Type: SSH_FXP_STAT, Size: 51, Number: 7953
< Type: SSH_FXP_NAME, Size: 59, Number: 7699
< Type: SSH_FXP_ATTRS, Size: 37, Number: 7953
. Reading symlink ".xsession".
> Type: SSH_FXP_READLINK, Size: 48, Number: 8211
> Type: SSH_FXP_STAT, Size: 48, Number: 8465
< Type: SSH_FXP_NAME, Size: 53, Number: 8211
< Type: SSH_FXP_ATTRS, Size: 37, Number: 8465
< Status/error code: 1
> Type: SSH_FXP_CLOSE, Size: 13, Number: 8708
. Startup conversation with host finished.
. Closing connection.
_________________
Windows XP Home (SP II)
PIV 2.4 Ghz
1 GB RAM
56k Dial-up


martin

Re: Log File

Werdhi wrote:

Here is the log file from start-up to closing the connection (I've edited some of the data to obscure the actual user names/IP addresses). As you can see, it does prompt me for a password even though I've already got a Kerberos 5 ticket.
It does not look like your SSH server supports GSSAPI (Kerberos). Are you sure it does? Are you able to log in to it using Kerberos with any other SSH client? Which one?
_________________
Martin Prikryl
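
Added example (not part of the original posts and not WinSCP code): a small Python check that reads a WinSCP session log in the format posted above and reports whether a client with GSSAPI enabled ended up authenticating with a password. The function names are hypothetical, and the line formats are assumed to match the 3.7.2 log in this thread.

```python
import re

# Lines copied from the session log posted above (already redacted by the poster).
SAMPLE_LOG = """\
. User name: werdhi (Password: No, Key file: No)
. Agent forwarding: No; TIS/CryptoCard: No; KI: Yes; GSSAPI: Yes
. Server version: SSH-1.99-OpenSSH_3.4p1
. Using SSH protocol version 2
! Using username "werdhi".
. Session password prompt (werdhi@login.***.edu's password: )
. Asking user for password.
. Sent password
. Access granted
"""

# Each log line starts with a one-character marker and a space.
MARKERS = (". ", "! ", "> ", "< ")

def summarize_auth(log_text):
    """Collect the client's GSSAPI setting and what the session actually did."""
    facts = {"gssapi_enabled": None, "server_version": None,
             "password_sent": False, "access_granted": False}
    for raw in log_text.splitlines():
        line = raw[2:] if raw.startswith(MARKERS) else raw
        m = re.search(r"\bGSSAPI: (Yes|No)\b", line)
        if m:
            facts["gssapi_enabled"] = (m.group(1) == "Yes")
        elif line.startswith("Server version: "):
            facts["server_version"] = line[len("Server version: "):].strip()
        elif line.strip() == "Sent password":
            facts["password_sent"] = True
        elif line.strip() == "Access granted":
            facts["access_granted"] = True
    return facts

def verdict(facts):
    """Turn the collected facts into a one-line finding."""
    if facts["gssapi_enabled"] is None:
        return "unknown: no GSSAPI setting found in log"
    if not facts["access_granted"]:
        return "no successful login in log"
    if facts["password_sent"]:
        if facts["gssapi_enabled"]:
            return "fallback: GSSAPI enabled on client, login used a password"
        return "password: GSSAPI disabled on client"
    return "no password sent before access was granted"

if __name__ == "__main__":
    f = summarize_auth(SAMPLE_LOG)
    print(f["server_version"], "->", verdict(f))
```

Run over a directory of saved session logs, the "fallback" finding marks the sessions where a ticket was expected to be used but a password was typed and sent instead.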


Werdhi

Hmm ... I do use Kerberos for POP3 and IMAP e-mail with the University's server but I don't know enough to know whether I'm dealing with a whole different matter when using SFTP. I don't use any other SSH Client. I'll have to check with the IT folks to see if they have an idea regarding this. It may be that I cannot use Kerberos to upload/download to the AFS.

I'll get back to you.

Thank you,

werdhi
_________________
Windows XP Home (SP II)
PIV 2.4 Ghz
1 GB RAM
56k Dial-up


martin

Werdhi wrote:

Hmm ... I do use Kerberos for POP3 and IMAP e-mail with the University's server but I don't know enough to know whether I'm dealing with a whole different matter when using SFTP. I don't use any other SSH Client. I'll have to check with the IT folks to see if they have an idea regarding this. It may be that I cannot use Kerberos to upload/download to the AFS.
AFAIK, OpenSSH does not support Kerberos by default. However, there are some patches on the Internet.
_________________
Martin Prikryl
