user183980

Asked: 2019-03-20 04:47:40 +0800 CST2019-03-20 04:47:40 +0800 CST 2019-03-20 04:47:40 +0800 CST

kerberized ssh client configuration on Ubuntu 16.04

Env:- 16.04.4 LTS (Xenial Xerus) 4.13.0-36-generic

I'm following this article (https://wiki.ubuntu.com/Enterprise/Authentication/KerberosServices ) for setting up kerberised ssh. Tried with domain instead of IP, still no luck..

Also I want to enable these kerberised users needs have sudo access on the machine, so that every kerberised users will get admin prvileges. This can be achieved by adding entry in sudoers file.

For enabling kerberized ssh its not working.

Below is the client configuration.

    $grep -i  ad.ny /etc/krb5.conf 
    kdc = ad.test.edu
    admin_server = ad.test.edu

I'm able to get the kerberos ticket without any issues

$kinit [email protected]
 Password for [email protected]:

Below is the ticket details

 $klist 
 Ticket cache: FILE:/tmp/krb5cc_1000
 Default principal: [email protected]

   Valid starting       Expires              Service principal
   03/19/2019 16:36:05  03/20/2019 02:36:05  
 krbtgt/[email protected]

Below is the ssh configuration

 $ grep -v ^# /etc/ssh/sshd_config  | grep -v -e '^$'
  Port 22
  Protocol 2
  HostKey /etc/ssh/ssh_host_rsa_key
  HostKey /etc/ssh/ssh_host_dsa_key
  HostKey /etc/ssh/ssh_host_ecdsa_key
  HostKey /etc/ssh/ssh_host_ed25519_key
  UsePrivilegeSeparation yes
  KeyRegenerationInterval 3600
  ServerKeyBits 1024
  SyslogFacility AUTH
  LogLevel INFO
  LoginGraceTime 120
  PermitRootLogin prohibit-password
  StrictModes yes
  RSAAuthentication yes
  PubkeyAuthentication yes
  IgnoreRhosts yes
  RhostsRSAAuthentication no
  HostbasedAuthentication no
  PermitEmptyPasswords no
  ChallengeResponseAuthentication no
  X11Forwarding yes
  X11DisplayOffset 10
  PrintMotd no
  PrintLastLog yes
  TCPKeepAlive yes
  AcceptEnv LANG LC_*
  Subsystem sftp /usr/lib/openssh/sftp-server
  UsePAM yes
  KerberosAuthentication yes
  KerberosTicketCleanup yes
  GSSAPIAuthentication yes
  GSSAPICleanupCredentials yes

Below is the ssh verbose output

  $ssh -K -v test/[email protected]
  << .snip>
    ..
   <snip>
  debug1: Authentications that can continue: publickey,gssapi- 
  keyex,gssapi-with-mic,password
  debug1: Trying private key: /Users/test/.ssh/id_dsa
  debug1: Trying private key: /Users/test/.ssh/id_ecdsa
  debug1: Trying private key: /Users/test/.ssh/id_ed25519
  debug1: Trying private key: /Users/test/.ssh/id_xmss
  debug1: Next authentication method: password
  test/[email protected]'s password:

kerberized ssh client configuration on Ubuntu 16.04

How to install Google Chrome

Is there a command to list all users? Also to add, delete, modify users, in the terminal?

How to delete a non-empty directory in Terminal?

How to unzip a zip file from the Terminal?

How can I copy the contents of a folder to another folder in a different directory using terminal?

How do I install a .deb file via the command line?

How do I run .sh scripts?

How do I install a .tar.gz (or .tar.bz2) file?

How to list all installed packages

Unable to lock the administration directory (/var/lib/dpkg/) is another process using it?

kerberized ssh client configuration on Ubuntu 16.04

0 Answers