User Tools

Site Tools


Sidebar

  • Kerberos {en}
  • Printing
    • Linux {en}
    • Mac OS X {en}
    • Windows {en}
  • Home Directory
    • Linux {en}
  • Scanning {en}
  • Software
    • Mathematica {en}
  • Subversion {en}
  • Virtualization {en}
  • Mail Clients
    • Thunderbird {en}
  • Wifi
    • NetworkManager {en}
    • wpa_supplicant {en}
bfh:wiki-legacy:en:kerberos:ssh

SSH

OpenSSH

The following command enables Authentication using GSSAPI:

ssh -l BFHusername -o GSSAPIAuthentication=yes catbert.bfh.ch

Your home directory won't be mounted unless you delagate your credentials:

ssh -l BFHusername -o GSSAPIAuthentication=yes -o GSSAPIDelegateCredentials=yes catbert.bfh.ch

One might argue that this isn't much more convenient than typing its own password… Well, just add the following lines to your SSH configuration in ~/.ssh/config:

Host catbert
Hostname catbert.bfh.ch
User BFHusername
GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes

These options are enabled by default on our PXE-based Linux setup at the TI Biel/Bienne site. You can connect to catbert by simply typing

ssh catbert

It's possible to use wildcards like

Host *.bfh.ch

in the SSH configuration - use them at your own risk.

PuTTY

Requirements

  • You have to install Kerberos for Windows as described on the Kerberos main page, otherwise your credentials won't be delegated, which is needed to mount your home directory.
  • Download (and install) the latest development snapshot from the PuTTY download page.

Configuration

Enable the options

  • Attempt GSSAPI authentication (SSH-2 only)
  • Allow GSSAPI credential delegation

and make sure that UTF-8 is selected as character set:

Enter BFHusername@catbert.bfh.ch1) under Host Name and save your session settings.

Click Open to connect to (y)our favorite SSH login server!

1) username@hostname.bfh.ch in general.
bfh/wiki-legacy/en/kerberos/ssh.txt · Last modified: 2015/11/13 15:20 (external edit)