Displaying 20 results from an estimated 5000 matches similar to: "Another request for gss-keyex inclusion"
2014 Jan 24
3
[Bug 2198] New: GSSAPIKeyExchange gssapi-keyex bug in kex.c choose_kex()
https://bugzilla.mindrot.org/show_bug.cgi?id=2198
Bug ID: 2198
Summary: GSSAPIKeyExchange gssapi-keyex bug in kex.c
choose_kex()
Product: Portable OpenSSH
Version: 6.4p1
Hardware: All
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: Kerberos support
2003 Aug 22
1
gss userauth (fwd)
what about this? can we do about this if
we break the protocol?
-------------- next part --------------
An embedded message was scrubbed...
From: Love <lha at stacken.kth.se>
Subject: gss userauth
Date: Fri, 22 Aug 2003 16:06:27 +0200
Size: 2878
Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20030822/f7bb85a0/attachment.mht
2005 Sep 26
0
New GSSAPI Key Exchange patch for OpenSSH 4.2p1
Hi,
This is to announce the availability of a new version of my GSSAPI key
exchange patch for OpenSSH.
The code is available from
http://www.sxw.org.uk/computing/patches/openssh.html
Changes since the last release are:
*) Implement GSS group exchange
*) Disable DNS canonicalization of the hostname passed to the GSSAPI
library - an option is provided to allow this to be overriden on
2015 Sep 02
3
[Bug 2456] New: gssapi-keyex blocked by PermitRootLogin=without-password
https://bugzilla.mindrot.org/show_bug.cgi?id=2456
Bug ID: 2456
Summary: gssapi-keyex blocked by
PermitRootLogin=without-password
Product: Portable OpenSSH
Version: 7.1p1
Hardware: Other
OS: Linux
Status: NEW
Severity: minor
Priority: P5
Component: sshd
2019 Jan 18
0
SSH SSO without keytab file
Hai,
I did see that you are using Administrator, and thats the problem.
Administrator is mapped to root ( most of the time ),
if you assigned Administrator UID = 0 then you have a problem, because only root = uid 0.
Never ever give Administrator a UID/GID, create a new one assign that one a UID/GID.
So try again with a normal user, that does have a UID/GID.
If that does not work, please
2016 May 19
0
google cloud compute with PEM file
On Tue, May 17, 2016 16:34, Dustin Kempter wrote:
ere.
>>
> Here is the command and output
>
>
> [test1 at pgpool1 ~]$ ssh -v -i /home/test1/my-key.txt
> upload at 144.167.188.62
. . .
> debug1: Authentications that can continue:
> publickey,gssapi-keyex,gssapi-with-mic
> debug1: Next authentication method: gssapi-keyex
> debug1: No valid Key exchange context
>
2016 May 17
0
google cloud compute with PEM file
On 5/17/16 2:12 PM, Frank Cox wrote:
> On Tue, 17 May 2016 13:59:18 -0600
> Dustin Kempter wrote:
>
>> Is there something I missed?
> ssh -v serveryouwanttoconnectto
>
> That will tell you what the problem is.
>
> If you don't understand the output, post it here.
>
Here is the command and output
[test1 at pgpool1 ~]$ ssh -v -i /home/test1/my-key.txt upload
2017 Nov 01
0
Winbind, Kerberos, SSH and Single Sign On
I can suggest a few things.
krb5.conf ( if you use nfsv4 with kerberized mounts _
[libdefaults]
ignore_k5login = true in
But, it does not look like it in you logs your useing kerberized mounts.
Im missing in SSHD_config :
UseDNS yes
And the defaults :
# GSSAPI options
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
Are sufficient for a normal ssh kerberized login.
Optional,
2017 Nov 02
2
Winbind, Kerberos, SSH and Single Sign On
Hi,
thanks for your hints. DNS, /etc/resolf.conf, /ets/hosts seem to be
correct. I'm able to do a kerberized ssh with a user from
subdom2.subdom1.example.de (testuser at SUBDOM2.SUBDOM1.EXAMPLE.DE) But I'm
not able to do the same with a user from example.de (user1 at EXAMPLE.DE).
--
Regards,
Andreas
Am 01.11.2017 um 10:51 schrieb L.P.H. van Belle via samba:
> I can suggest a few
2015 Nov 03
0
SSH login between servers still asking for password, why?
Hi
On Tue, Nov 3, 2015 at 4:56 PM, Reynier Perez Mira <reynierpm at gmail.com>
wrote:
> I have two servers identified as `server-1 - 192.168.3.128` and `server-2 -
> 192.168.3.130`. I am setting up `capifony` for automatic deployment from
> server-1 to server-2 and this is what I have done so far:
>
> 1. In both servers I have created a user `deploy` without password since
2016 Nov 16
4
long delay when logging in
I have a CentOS 7 system and when I login with putty or ssh there is a
long delay before I get the password prompt. I ran ssh -v and I found
that it gets up to this:
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
and then
2016 Nov 17
0
long delay when logging in
Edit /etc/ssh/sshd_config
Set:
UseDNS no
GSSAPIAuthentication no
Save, restart sshd, try again.
digimer
On 16/11/16 06:07 PM, Larry Martell wrote:
> I have a CentOS 7 system and when I login with putty or ssh there is a
> long delay before I get the password prompt. I ran ssh -v and I found
> that it gets up to this:
>
> debug1: ssh_ecdsa_verify: signature correct
> debug1:
2011 Dec 08
1
Converting SSH2 keys for use in OpenSSH
I have a couple of keys generated using the F-Secure SSH2 client. I have converted those keys using "ssh-keygen -i -f samplekey.txt >> ~/.ssh/authorized_keys". When I try and log into the OpenSSH server using those keys, OpenSSH rejects using those keys.
I am under the assumption that this is supposed to work. If I connect using a password, there is no problem. It just does not
2019 Jan 18
1
SSH SSO without keytab file
Thanks for the prompt reply!
> I did see that you are using Administrator, and thats the problem.
> Administrator is mapped to root ( most of the time ),
> if you assigned Administrator UID = 0 then you have a problem, because only root = uid 0.
>
> Never ever give Administrator a UID/GID
I am using tdb backend. It mapped administrator account to 12000:10000.
> So try again
2015 Nov 03
3
SSH login between servers still asking for password, why?
I have two servers identified as `server-1 - 192.168.3.128` and `server-2 -
192.168.3.130`. I am setting up `capifony` for automatic deployment from
server-1 to server-2 and this is what I have done so far:
1. In both servers I have created a user `deploy` without password since
that's the user I will use for deployment.
2. In server-1 I setup a SSH keys by running the command:
2003 Sep 16
0
ANNOUNCE: GSSLib support for OpenSSH (patch)
Hello,
Based on the GSS userauth code that went into 3.7p1, I have made a
patch to make OpenSSH support an alternative Kerberos 5 implementation
called Shishi, via an alternative GSS-API implementation called GSSLib.
The reason behind this message is mostly to let you know that another
pair of eyes has been reading GSS userauth code in OpenSSH, and my
impression is that it looks pretty good. I
2017 Nov 01
2
Winbind, Kerberos, SSH and Single Sign On
Hi,
at first I'm not sure if this is the correct list to ask this question.
But since I'm using winbind I hope you can help me.
I try to realize a kerberized ssh from one client to another. Both
clients are member of subdom2.subdom1.example.de and joined to it. The
users are from example.de, where subdom1.example.de is a subdomain
(bidirectional trust) of example.de and
2011 Jul 28
1
intermittent problems obtaining shell with gssapi-with-mic
Hi,
I am seeing a rather strange issue with openssh-5.3p1 (both client and
server) under scientific linux 6. The systems in question are set up
to authenticate against a Kerberos server. ssh'ing between machines
works fine 99% of the time with the gssapi-with-mic method. But on
occasion an ssh session will fail to spawn a sheel for the user after
authentication. An example -vvv output in this
2007 Aug 01
0
Hostname DNS update (using nsupdate-gss) to Active Directory DNS using Sites
Hi,
We were unable to use nsupdate-gss to a Windows 2003 Active Directory. I
modified the nsupdate-gss script to use the local Domain Controller to do
the DNS update and then it works (albeit giving a TKEY integrity error).
The patch attached adds a 5th argument to the command line to specify the
local Domain Controller to send the DNS update to.
Usage: nsupdate-gss.pl HOST DOMAIN IP TTL
2013 Nov 20
1
Samba4 and GSSAPI based authentication for OpenSSH
I seem to be having the same issue as
https://lists.samba.org/archive/samba/2012-December/170426.html. I
don't see that he ever reached a solution.
Nov 20 16:02:58 appdb01-qa sshd[31622]: debug1: Unspecified GSS
failure. Minor code may provide more information\nNo key table entry
found matching host/appdb01-qa.mediture.dom@\n
Nov 20 16:02:58 appdb01-qa sshd[31623]: debug1: