Displaying 20 results from an estimated 10000 matches similar to: "GSSAPI Key Exchange on multi-homed host"
2007 Nov 15
3
GSSAPI Key Exchange Patch
Will Simon Wilkinson's GSSAPI Key Exchange patch ever be incorporated into
the OpenSSH source?
http://www.sxw.org.uk/computing/patches/openssh.html
I'm sure I'm not the only one that uses it and would like to see it become
part of the OpenSSH source. Is there something missing or is there some
technical/philosophical reason for not including it?
2012 Jul 10
2
How do I get an ssh client to authenticate with samba4's kerberos GSSAPI? [Solved]
Hi,
I solved my ssh GSSAPI problem. There were a lot of solutions on google
referring to a proper fqdn in the /etc/hosts file and having the
fqdn's/principals in the kerberos server's keytab file but I found out that
my problem was that the samba4/kerberos server was running on a multi-homed
machine and that the ssh server kerberos authentication needed the
following parameter in order
2006 Oct 02
0
GSSAPI Key Exchange for 4.4p1
Hi,
I'm pleased to be able to announce the availability of my GSSAPI Key
Exchange patch for OpenSSH 4.4p1.
This patch adds RFC4462 compatibility to OpenSSH, along with adding
additional GSSAPI support that is yet to make it into the main tree.
The patch implements:
*) gss-group1-sha1-*, gss-group14-sha1-* and gss-gex-sha1-* key
exchange mechanisms. This can be enabled through the
2008 Apr 04
0
GSSAPI Key Exchange Patch for OpenSSH 5.0p1 (plus an added extra)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
It's that time again! There's been another OpenSSH release, and once
again, I'm pleased to announce the availability of my GSSAPI Key
Exchange patch for it.
Whilst OpenSSH contains support for GSSAPI user authentication, this
still relies upon SSH host keys to authenticate the server to the
user. For sites with a deployed Kerberos
2007 Nov 13
2
Enhanced Kerberos support
The recent addition of auth_gssapi_hostname is a welcome addition, but a little more is needed
for multi-homed (or multi-domained) sites.
SSH recently added this enhancement to address this common need:
GSSAPIStrictAcceptorCheck
Determines whether to be strict about the identity of the GSSAPI acceptor a client authenticates
against. If ?yes? then the client must
2016 Nov 09
6
[Bug 2637] New: GSSAPIStrictAcceptorCheck should default to 'yes'
https://bugzilla.mindrot.org/show_bug.cgi?id=2637
Bug ID: 2637
Summary: GSSAPIStrictAcceptorCheck should default to 'yes'
Product: Portable OpenSSH
Version: 7.3p1
Hardware: Sparc
OS: Solaris
Status: NEW
Severity: minor
Priority: P5
Component: Kerberos support
Assignee:
2007 Jan 23
3
Move servers public/private keys to a new host
Is it possible to move a server's public and private keys from one host to
another? Or perhaps a better way to ask what I really want... is it
possible to configure a server on a new host to return the same public key
it did on the old host?
I'm in the process of migrating our CVS server from a Solaris host to a
Linux host (this weekend) and I just realized the hostkey is going to
2009 Sep 01
2
ssh_exchange_identification: Connection closed by remote host
I'm randomly getting the following error on a server from various remote
hosts:
ssh_exchange_identification: Connection closed by remote host
The server is running OpenSSH 4.5p1 w/GSSAPI Key Exchange patch. The
hosts connecting to it should all be using OpenSSH 5.0p1 w/GSSAPI Key
Exchange patch and using gssapi-keyex authentication.
Normally, when I've seen this error, it means
2006 Aug 18
1
[Bug 928] Kerberos/GSSAPI authentication does not work with multihomed hosts
http://bugzilla.mindrot.org/show_bug.cgi?id=928
simon at sxw.org.uk changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |simon at sxw.org.uk
------- Comment #2 from simon at sxw.org.uk 2006-08-19 08:31 -------
I'd rather see us move towards just using
2020 May 18
1
Best practice multi-homed AD DC
On Mon, May 18, 2020 at 2:44 AM Rowland penny via samba <
samba at lists.samba.org> wrote:
> On 17/05/2020 23:10, Michael Jones wrote:
> > Why?
> Amongst others, you may get:
>
> Slow / Failed logins
> Replication issues
> Group policy access issues
> login script issues
>
> A multi-homed DC (for whatever reason) is a bad idea.
>
> Rowland
>
I
2020 May 18
1
Best practice multi-homed AD DC
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Michael Jones via samba
> Verzonden: maandag 18 mei 2020 11:34
> Aan: Rowland penny
> CC: sambalist
> Onderwerp: Re: [Samba] Best practice multi-homed AD DC
>
> On Mon, May 18, 2020 at 2:44 AM Rowland penny via samba <
> samba at lists.samba.org> wrote:
>
2020 May 17
3
Best practice multi-homed AD DC
On Sun, May 17, 2020 at 1:43 PM Rowland penny via samba <
samba at lists.samba.org> wrote:
> On 17/05/2020 19:30, Johannes Engel via samba wrote:
> > Dear all,
> >
> > as I am currently planning a network with Samba AD DC I was wondering if
> > you can recommend any best practice for a multi-homed AD DC.
>
> Best practise is: do not multi-home a DC.
>
2010 Feb 05
1
Debug server prints debug messages on client
Last June I asked the following question, but didn't receive any
responses:
http://marc.info/?l=openssh-unix-dev&m=124406679122871&w=2
I just did the same test using openssh-5.3p1 and the results are the same.
Is this a bug? Or intentional?
If it's a bug, I'll report it. If it's intentional, any chance it could
be changed? Or a server-side way to override it?
2006 Apr 12
1
OpenSSH 4.3p2, MIT KfW 3.0 and Cygwin
Has anyone successfully built openssh with MIT's KfW (Kerberos for
Windows) under Cygwin?
Is it even possible?
Searching around I found one reference to Nicolas Williams attempting to
do this several years ago, but no indication of success and nothing more
recent.
http://www.cygwin.com/ml/cygwin/2002-01/msg00100.html
What about compiling openssh using a native windows compiler? Is
2009 Apr 21
1
Env var for options/config
Is there any way to define openssh options via an env var?
Something like:
SSH_OPTIONS='-oBatchMode=yes ...'
or
SSH_CONFIG=/path/to/alternate/ssh_config
The reason I'd like to be able to use this is so I can override certain
options without interfering with the users normal configuration file. In
the case of commands that indirectly call ssh, like cvs, there's no way
2009 Nov 10
1
Cygwin OpenSSH 5.1 login session per user
I'm using Cygwin OpenSSH 5.1 on a Windows XP SP3 system.
Is sshd supposed to create a new "login session" for each user that logs
in? Or, is there a way to force it to create a new "login session" for
each user that logs in?
Once logged in, I'm trying to use the Kerberos for Windows command line
utilities (klist/kinit), but I'm told by one of the KfW
2010 Feb 23
1
S_ISSOCK fails in openssh >= 5.1
Starting with openssh 5.1 the following code fails (when executed on a
remote host)... prior to 5.0 this worked, ie S_ISSOCK says STDIN is a
socket.
struct stat s;
fstat(STDIN_FILENO, &s);
if (S_ISSOCK(s.st_mode))
// STDIN is a socket
else
// STDIN is not a socket
Soo... if I have a command on a remote host that includes the above code
and I ssh to the remote host
2015 Feb 26
2
Samba4 SSH SSSD-AD Problem
Hi,
I'm having a problem with ssh and sssd in a samba4 ad environment.
If I logon a linux client everything works fine. When entering klist I'm able
to see my ticket. When I try to connect/logon to another linux client with ssh
it is possible, but klist shows:
klist: Credentials cache file '/run/user/$UID$/krb5cc/tkt' not found.
So the ticket cache is not created during
2020 May 17
2
Best practice multi-homed AD DC
Dear all,
as I am currently planning a network with Samba AD DC I was wondering if
you can recommend any best practice for a multi-homed AD DC.
My current plan is to have one NIC for Samba services and a second one
dedicated to management functions (e.g. SSH) on a separate network
restricted to admin users.
In a testbed scenario I already discovered that once both adapters exist,
samba seems to
2008 Mar 07
1
Command-based ssh_config declarations
How difficult would it be to enhance the client ssh_config file to allow
command-based declarations similar to that provided by the "Host" keyword?
The main reason I need something like this is when ssh is used via CVS and
Subversion. I want all CVS/Subversion traffic to use a different SSH port
and different authentication options.
So... you might have an ssh_config file that