SFTP site login without giving credentials - Using GSSAPI32.

Advertisement

ste
Joined:
Posts:
4
Location:
Denmark

SFTP site login without giving credentials - Using GSSAPI32.

I'd been looking for a way logging on to a SFTP site without actually giving credentials (using Windows domain credentials).

That would be useful when running a script.

I've read that it should somewhat be possible via MIT's GSSAPI32 library. Which I got already.

So far I haven't been able to find the documentation I need in order to make it work. Obviously I'm not doing it right.

If someone has been able to make it work and want to share. That would be great.

Reply with quote

Advertisement

Guest

SFTP site login without giving credentials - Using GSSAPI32.

Hi Martin

I do think GSSAPI authentication is properly enabled for my specific user(Please look the capture).
Somehow I read the log as if the GSSAPI32 module was not loaded? At least that was why I downloaded the GSSAPI32.DLL(whole package) from MIT. Because I thought it was needed.
Try agent: Yes; Agent forwarding: No; TIS/CryptoCard: No; KI: Yes; GSSAPI: Yes
. 2021-12-14 08.46.53.934 GSSAPI: KEX: No; Forwarding: No; Libs: gssapi32,sspi,custom; Custom: 
. 2021-12-14 08.46.53.934 Ciphers: aes,chacha20,blowfish,3des,WARN,arcfour,des; Ssh2DES: No
. 2021-12-14 08.46.53.934 KEX: ecdh,dh-gex-sha1,dh-group14-sha1,rsa,WARN,dh-group1-sha1
. 2021-12-14 08.46.53.934 SSH Bugs: Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto
I'm testing on my own computer with my domain user account.

WinSCP capture.png

WinSCP capture.png

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
41,286
Location:
Prague, Czechia

Re: SFTP site login without giving credentials - Using GSSAPI32.

Once again, does your server support the Kerberos/GSSAPI authentication at all? It's not common. Without that, there's no point checking further.

It seems that you actually just randomly picked Kerberos/GSSAPI authentication as a way to automate authentication. If that's true, you better look at the public key authentication.

Reply with quote

Advertisement

You can post new topics in this forum