Re: passwordless ssh

From: Jon Reynolds <jonr@destar.net>
Date: Fri Nov 30 2007 - 14:32:28 AKST

Arthur Corliss wrote:
> On Fri, 30 Nov 2007, Jon Reynolds wrote:
>
>> So, I have it completed and now have passwordless ssh between all hosts
>> on my network, as long as I kinit.
>>
>> I have already pointed out the relative config options for ssh_config
>> and sshd_config. The last piece was putting a .k5login file in my users
>> home directory and adding the user and the host into the kerberos
>> database using the kadmin utility.
>
> Uh, you don't need a .k5login *unless* you're ssh'ing to hosts in a
> different kerberos realm. This assumes that you have an identical
> /etc/krb5.conf on the hosts, too, so they all agree with which realm they
> belong to.

Thanks Art, I do have a second realm that I had to put the .k5login on
to solve the problem. I have been making an internal and external domain
with dmz hosts, so I can have separation between the internal hosts and
the public hosts and those that lie between.

Jon
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Fri Nov 30 14:33:35 2007

This archive was generated by hypermail 2.1.8 : Fri Nov 30 2007 - 14:33:36 AKST