jim_bob wrote:
> Hello, I am trying to get ssh single sign on working with kerberos but
> it keeps failing with "server not found in Kerberos database" the
> output of ssh -vvv:
>

Have you added the host/[email protected] principal to the KDC,
and created the matching krb5.keytab file on krb1.testsetup.com?

> ssh -vvv krb1.testsetup.com
> OpenSSH_5.1p1 Debian-5, OpenSSL 0.9.8g 19 Oct 2007
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug2: ssh_connect: needpriv 0
> debug1: Connecting to krb1.testsetup.com [64.85.166.148] port 22.
> debug1: Connection established.
> debug1: identity file /home/user/.ssh/identity type -1
> debug3: Not a RSA1 key file /home/user/.ssh/id_rsa.
> debug2: key_type_from_name: unknown key type '-----BEGIN'
> debug3: key_read: missing keytype
> debug2: key_type_from_name: unknown key type 'Proc-Type:'
> debug3: key_read: missing keytype
> debug2: key_type_from_name: unknown key type 'DEK-Info:'
> debug3: key_read: missing keytype
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug2: key_type_from_name: unknown key type '-----END'
> debug3: key_read: missing keytype
> debug1: identity file /home/user/.ssh/id_rsa type 1
> debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
> debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
> debug1: identity file /home/user/.ssh/id_dsa type -1
> debug1: Remote protocol version 2.0, remote software version
> OpenSSH_5.1p1 Debian-5
> debug1: match: OpenSSH_5.1p1 Debian-5 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_5.1p1 Debian-5
> debug2: fd 3 setting O_NONBLOCK
> debug3: Trying to reverse map address 64.85.166.148.
> debug1: Unspecified GSS failure. Minor code may provide more
> information
> Server not found in Kerberos database
>
> debug1: Unspecified GSS failure. Minor code may provide more
> information
> Server not found in Kerberos database
>
> debug1: Unspecified GSS failure. Minor code may provide more
> information
>
>
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-
> hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-
> group1-sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-
> cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-
> [email protected],aes128-ctr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-
> cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-
> [email protected],aes128-ctr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-
> ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-
> ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,[email protected],zlib
> debug2: kex_parse_kexinit: none,[email protected],zlib
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: kex_parse_kexinit: gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-
> group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group14-sha1-toWM5Slw5Ew8Mqkay
> +al2g==,diffie-hellman-group-exchange-sha256,diffie-hellman-group-
> exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-
> cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-
> [email protected],aes128-ctr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-
> cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-
> [email protected],aes128-ctr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-
> ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-
> ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,[email protected]
> debug2: kex_parse_kexinit: none,[email protected]
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: mac_setup: found hmac-md5
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug2: mac_setup: found hmac-md5
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug2: dh_gen_key: priv key bits set: 128/256
> debug2: bits set: 524/1024
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug3: check_host_in_hostfile: filename /home/user/.ssh/known_hosts
> debug3: check_host_in_hostfile: match line 5
> debug3: check_host_in_hostfile: filename /home/user/.ssh/known_hosts
> debug3: check_host_in_hostfile: match line 2
> debug1: Host 'krb1.testsetup.com' is known and matches the RSA host
> key.
> debug1: Found key in /home/user/.ssh/known_hosts:5
> debug2: bits set: 503/1024
> debug1: ssh_rsa_verify: signature correct
> debug2: kex_derive_keys
> debug2: set_newkeys: mode 1
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug2: set_newkeys: mode 0
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug2: service_accept: ssh-userauth
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug2: key: /home/user/.ssh/id_rsa (0xb9f629b0)
> debug2: key: /home/user/.ssh/identity ((nil))
> debug2: key: /home/user/.ssh/id_dsa ((nil))
> debug1: Authentications that can continue: publickey,gssapi-
> keyex,gssapi-with-mic,password
> debug3: start over, passed a different list publickey,gssapi-
> keyex,gssapi-with-mic,password
> debug3: preferred gssapi-keyex,gssapi-with-
> mic,gssapi,publickey,keyboard-interactive,password
> debug3: authmethod_lookup gssapi-keyex
> debug3: remaining preferred: gssapi-with-mic,gssapi,publickey,keyboard-
> interactive,password
> debug3: authmethod_is_enabled gssapi-keyex
> debug1: Next authentication method: gssapi-keyex
> debug1: No valid Key exchange context
> debug2: we did not send a packet, disable method
> debug3: authmethod_lookup gssapi-with-mic
> debug3: remaining preferred: gssapi,publickey,keyboard-
> interactive,password
> debug3: authmethod_is_enabled gssapi-with-mic
> debug1: Next authentication method: gssapi-with-mic
> debug1: Unspecified GSS failure. Minor code may provide more
> information
> Server not found in Kerberos database
>
> debug1: Unspecified GSS failure. Minor code may provide more
> information
> Server not found in Kerberos database
>
> debug1: Unspecified GSS failure. Minor code may provide more
> information
>
>
> debug2: we did not send a packet, disable method
> debug3: authmethod_lookup publickey
> debug3: remaining preferred: keyboard-interactive,password
> debug3: authmethod_is_enabled publickey
> debug1: Next authentication method: publickey
> debug1: Offering public key: /home/user/.ssh/id_rsa
> debug3: send_pubkey_test
> debug2: we sent a publickey packet, wait for reply
> debug1: Authentications that can continue: publickey,gssapi-
> keyex,gssapi-with-mic,password
> debug1: Trying private key: /home/user/.ssh/identity
> debug3: no such identity: /home/user/.ssh/identity
> debug1: Trying private key: /home/user/.ssh/id_dsa
> debug3: no such identity: /home/user/.ssh/id_dsa
> debug2: we did not send a packet, disable method
> debug3: authmethod_lookup password
> debug3: remaining preferred: ,password
> debug3: authmethod_is_enabled password
> debug1: Next authentication method: password
> [email protected]'s password:
>
> The output of nslookup:
> nslookup krb1.testsetup.com
> Server: 192.168.1.1
> Address: 192.168.1.1#53
>
> Non-authoritative answer:
> Name: krb1.testsetup.com
> Address: 64.85.166.148
>
>
> /etc/krb5.conf
> [libdefaults]
> default_realm = TESTSETUP.COM
>
> [realms]
> TESTSETUP.COM = {
> kdc = krb1.testsetup.com
> admin_server = krb1.testsetup.com
>
> [login]
> krb4_convert = true
> krb4_get_tickets = false
> kdc = FILE:/var/log/kerberos/krb5kdc.log
> admin_server = FILE:/var/log/kerberos/kadmin.log
> default = FILE:/var/log/kerberos/krb5lib.log
>
> I am kind of new to this, any help would be appreciated.
> ________________________________________________
> Kerberos mailing list [email protected]
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
>

--
Douglas E. Engert <[email protected]>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
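
The check the reply asks about, as an added example that is not part of the original messages: shell helpers for an MIT Kerberos setup that build the host principal and look for it in the KDC and in the keytab. The `host/<fqdn>@<REALM>` form, the keytab path and the function names are assumptions; the sample `klist -k` output is constructed.

```shell
#!/bin/sh
# Added example. Host name and realm are taken from the post; the principal is
# assumed to follow the usual host/<fqdn>@<REALM> form.

# Build the service principal for an SSH server: lowercase host, uppercase realm.
host_principal() {
    fqdn=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    realm=$(printf '%s' "$2" | tr '[:lower:]' '[:upper:]')
    printf 'host/%s@%s\n' "$fqdn" "$realm"
}

# Read `klist -k` output on stdin; succeed only if the principal column
# contains exactly the given principal.
keytab_lists() {
    awk -v p="$1" '$2 == p { found = 1 } END { exit !found }'
}

# On the KDC (as root): succeed if the principal exists in the database.
kdc_has_principal() {
    kadmin.local -q "getprinc $1" 2>/dev/null | grep -q '^Principal:'
}

# On the KDC (as root): create the principal with a random key and write
# that key to a keytab (default path assumed to be /etc/krb5.keytab).
create_host_key() {
    kadmin.local -q "addprinc -randkey $1" &&
    kadmin.local -q "ktadd -k ${2:-/etc/krb5.keytab} $1"
}

# Constructed sample of `klist -k /etc/krb5.keytab` output on a working server.
SAMPLE_KLIST='Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ------------------------------------------
   2 host/krb1.testsetup.com@TESTSETUP.COM'

# Typical use on krb1.testsetup.com, which is both KDC and SSH server in the post:
#   p=$(host_principal krb1.testsetup.com TESTSETUP.COM)
#   kdc_has_principal "$p" || create_host_key "$p"
#   klist -k /etc/krb5.keytab | keytab_lists "$p" && echo "keytab has $p"
# From the client, after kinit, `kvno "$p"` requests the same service ticket
# that ssh asks for.
```

If the keytab is written on a machine other than the SSH server, it has to be copied to the server over a protected channel and kept readable by root only.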
