On Oct 28, 4:57 pm, "Douglas E. Engert" <[email protected]> wrote:
> jim_bob wrote:
> > Hello, I am trying to get ssh single sign on working with kerberos but
> > it keeps failing with "server not found in Kerberos database" the
> > output of ssh -vvv:
>
> Have you added the host/[email protected] principal
> to the KDC, and created the matching krb5.keytab file on krb1.testsetup.com?
>
> >
> > ssh -vvv krb1.testsetup.com
> > OpenSSH_5.1p1 Debian-5, OpenSSL 0.9.8g 19 Oct 2007
> > debug1: Reading configuration data /etc/ssh/ssh_config
> > debug1: Applying options for *
> > debug2: ssh_connect: needpriv 0
> > debug1: Connecting to krb1.testsetup.com [64.85.166.148] port 22.
> > debug1: Connection established.
> > debug1: identity file /home/user/.ssh/identity type -1
> > debug3: Not a RSA1 key file /home/user/.ssh/id_rsa.
> > debug2: key_type_from_name: unknown key type '-----BEGIN'
> > debug3: key_read: missing keytype
> > debug2: key_type_from_name: unknown key type 'Proc-Type:'
> > debug3: key_read: missing keytype
> > debug2: key_type_from_name: unknown key type 'DEK-Info:'
> > debug3: key_read: missing keytype
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug2: key_type_from_name: unknown key type '-----END'
> > debug3: key_read: missing keytype
> > debug1: identity file /home/user/.ssh/id_rsa type 1
> > debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
> > debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
> > debug1: identity file /home/user/.ssh/id_dsa type -1
> > debug1: Remote protocol version 2.0, remote software version
> > OpenSSH_5.1p1 Debian-5
> > debug1: match: OpenSSH_5.1p1 Debian-5 pat OpenSSH*
> > debug1: Enabling compatibility mode for protocol 2.0
> > debug1: Local version string SSH-2.0-OpenSSH_5.1p1 Debian-5
> > debug2: fd 3 setting O_NONBLOCK
> > debug3: Trying to reverse map address 64.85.166.148.
> > debug1: Unspecified GSS failure. Minor code may provide more
> > information
> > Server not found in Kerberos database
>
> > debug1: Unspecified GSS failure. Minor code may provide more
> > information
> > Server not found in Kerberos database
>
> > debug1: Unspecified GSS failure. Minor code may provide more
> > information
>
> > debug1: SSH2_MSG_KEXINIT sent
> > debug1: SSH2_MSG_KEXINIT received
> > debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-
> > hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-
> > group1-sha1
> > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> > debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-
> > cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-
> > [email protected],aes128-ctr,aes192-ctr,aes256-ctr
> > debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-
> > cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-
> > [email protected],aes128-ctr,aes192-ctr,aes256-ctr
> > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-
> > ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
> > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-
> > ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
> > debug2: kex_parse_kexinit: none,[email protected],zlib
> > debug2: kex_parse_kexinit: none,[email protected],zlib
> > debug2: kex_parse_kexinit:
> > debug2: kex_parse_kexinit:
> > debug2: kex_parse_kexinit: first_kex_follows 0
> > debug2: kex_parse_kexinit: reserved 0
> > debug2: kex_parse_kexinit: gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-
> > group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group14-sha1-toWM5Slw5Ew8Mqkay
> > +al2g==,diffie-hellman-group-exchange-sha256,diffie-hellman-group-
> > exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
> > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> > debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-
> > cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-
> > [email protected],aes128-ctr,aes192-ctr,aes256-ctr
> > debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-
> > cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-
> > [email protected],aes128-ctr,aes192-ctr,aes256-ctr
> > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-
> > ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
> > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-
> > ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
> > debug2: kex_parse_kexinit: none,[email protected]
> > debug2: kex_parse_kexinit: none,[email protected]
> > debug2: kex_parse_kexinit:
> > debug2: kex_parse_kexinit:
> > debug2: kex_parse_kexinit: first_kex_follows 0
> > debug2: kex_parse_kexinit: reserved 0
> > debug2: mac_setup: found hmac-md5
> > debug1: kex: server->client aes128-cbc hmac-md5 none
> > debug2: mac_setup: found hmac-md5
> > debug1: kex: client->server aes128-cbc hmac-md5 none
> > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> > debug2: dh_gen_key: priv key bits set: 128/256
> > debug2: bits set: 524/1024
> > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> > debug3: check_host_in_hostfile: filename /home/user/.ssh/known_hosts
> > debug3: check_host_in_hostfile: match line 5
> > debug3: check_host_in_hostfile: filename /home/user/.ssh/known_hosts
> > debug3: check_host_in_hostfile: match line 2
> > debug1: Host 'krb1.testsetup.com' is known and matches the RSA host
> > key.
> > debug1: Found key in /home/user/.ssh/known_hosts:5
> > debug2: bits set: 503/1024
> > debug1: ssh_rsa_verify: signature correct
> > debug2: kex_derive_keys
> > debug2: set_newkeys: mode 1
> > debug1: SSH2_MSG_NEWKEYS sent
> > debug1: expecting SSH2_MSG_NEWKEYS
> > debug2: set_newkeys: mode 0
> > debug1: SSH2_MSG_NEWKEYS received
> > debug1: SSH2_MSG_SERVICE_REQUEST sent
> > debug2: service_accept: ssh-userauth
> > debug1: SSH2_MSG_SERVICE_ACCEPT received
> > debug2: key: /home/user/.ssh/id_rsa (0xb9f629b0)
> > debug2: key: /home/user/.ssh/identity ((nil))
> > debug2: key: /home/user/.ssh/id_dsa ((nil))
> > debug1: Authentications that can continue: publickey,gssapi-
> > keyex,gssapi-with-mic,password
> > debug3: start over, passed a different list publickey,gssapi-
> > keyex,gssapi-with-mic,password
> > debug3: preferred gssapi-keyex,gssapi-with-
> > mic,gssapi,publickey,keyboard-interactive,password
> > debug3: authmethod_lookup gssapi-keyex
> > debug3: remaining preferred: gssapi-with-mic,gssapi,publickey,keyboard-
> > interactive,password
> > debug3: authmethod_is_enabled gssapi-keyex
> > debug1: Next authentication method: gssapi-keyex
> > debug1: No valid Key exchange context
> > debug2: we did not send a packet, disable method
> > debug3: authmethod_lookup gssapi-with-mic
> > debug3: remaining preferred: gssapi,publickey,keyboard-
> > interactive,password
> > debug3: authmethod_is_enabled gssapi-with-mic
> > debug1: Next authentication method: gssapi-with-mic
> > debug1: Unspecified GSS failure. Minor code may provide more
> > information
> > Server not found in Kerberos database
>
> > debug1: Unspecified GSS failure. Minor code may provide more
> > information
> > Server not found in Kerberos database
>
> > debug1: Unspecified GSS failure. Minor code may provide more
> > information
>
> > debug2: we did not send a packet, disable method
> > debug3: authmethod_lookup publickey
> > debug3: remaining preferred: keyboard-interactive,password
> > debug3: authmethod_is_enabled publickey
> > debug1: Next authentication method: publickey
> > debug1: Offering public key: /home/user/.ssh/id_rsa
> > debug3: send_pubkey_test
> > debug2: we sent a publickey packet, wait for reply
> > debug1: Authentications that can continue: publickey,gssapi-
> > keyex,gssapi-with-mic,password
> > debug1: Trying private key: /home/user/.ssh/identity
> > debug3: no such identity: /home/user/.ssh/identity
> > debug1: Trying private key: /home/user/.ssh/id_dsa
> > debug3: no such identity: /home/user/.ssh/id_dsa
> > debug2: we did not send a packet, disable method
> > debug3: authmethod_lookup password
> > debug3: remaining preferred: ,password
> > debug3: authmethod_is_enabled password
> > debug1: Next authentication method: password
> > [email protected]'s password:
>
> > The output of nslookup:
> > nslookup krb1.testsetup.com
> > Server: 192.168.1.1
> > Address: 192.168.1.1#53
>
> > Non-authoritative answer:
> > Name: krb1.testsetup.com
> > Address: 64.85.166.148
>
> > /etc/krb5.conf
> > [libdefaults]
> > default_realm = TESTSETUP.COM
>
> > [realms]
> > TESTSETUP.COM = {
> > kdc = krb1.testsetup.com
> > admin_server = krb1.testsetup.com
>
> > [login]
> > krb4_convert = true
> > krb4_get_tickets = false
> > kdc = FILE:/var/log/kerberos/krb5kdc.log
> > admin_server = FILE:/var/log/kerberos/kadmin.log
> > default = FILE:/var/log/kerberos/krb5lib.log
>
> > I am kind of new to this, any help would be appreciated.
> > ________________________________________________
> > Kerberos mailing list [email protected]
> > https://mailman.mit.edu/mailman/listinfo/kerberos
>
> --
>
> Douglas E. Engert <[email protected]>
> Argonne National Laboratory
> 9700 South Cass Avenue
> Argonne, Illinois 60439
> (630) 252-5444

Yes, the host/krb1 principal and krb5.keytab file are present.
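
One check that fits both the "Server not found in Kerberos database" error and the "Trying to reverse map address" line in the log above is to work out which service principal the client asks the KDC for once DNS canonicalization has run, and compare it with the principals in the keytab. The following is an added example, not code from the thread or from OpenSSH or MIT Kerberos; the function names are hypothetical, and the PTR name and keytab listing are constructed sample data.

```python
import socket

def system_forward(name):
    """Forward lookup: return (canonical name, first address)."""
    info = socket.getaddrinfo(name, None, flags=socket.AI_CANONNAME)[0]
    return (info[3] or name), info[4][0]

def system_reverse(addr):
    """Reverse (PTR) lookup: return the name the address maps back to."""
    return socket.gethostbyaddr(addr)[0]

def requested_principal(name, realm, forward=system_forward,
                        reverse=system_reverse, rdns=True):
    """Build host/<canonical name>@REALM the way a client that canonicalizes
    through DNS does: forward lookup, optional PTR lookup, lowercase."""
    canon, addr = forward(name)
    if rdns:
        try:
            canon = reverse(addr)
        except OSError:
            pass  # no PTR record: keep the forward-canonical name
    return "host/%s@%s" % (canon.rstrip(".").lower(), realm)

def check(name, realm, keytab, **resolvers):
    """Compare the principal the client would request, with and without
    reverse DNS, against the principals listed in the server keytab."""
    result = {}
    for rdns in (True, False):
        princ = requested_principal(name, realm, rdns=rdns, **resolvers)
        result["rdns" if rdns else "no_rdns"] = (princ, princ in keytab)
    return result

# Constructed sample data. The hostname, address and realm are from the post;
# the PTR target and the keytab listing are assumptions for illustration.
FWD = {"krb1.testsetup.com": ("krb1.testsetup.com", "64.85.166.148")}
PTR = {"64.85.166.148": "148.166-85-64.isp.example."}
KEYTAB = {"host/krb1.testsetup.com@TESTSETUP.COM"}

def demo():
    """Run the check offline against the constructed DNS tables above."""
    return check("krb1.testsetup.com", "TESTSETUP.COM", KEYTAB,
                 forward=FWD.__getitem__, reverse=PTR.__getitem__)

if __name__ == "__main__":
    for mode, (princ, present) in demo().items():
        print(mode, princ, "in keytab" if present else "not in keytab")
```

Called without the `forward` and `reverse` arguments, `check` uses the system resolver; on the server, `klist -k /etc/krb5.keytab` lists the principals to pass as `keytab`.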
