Kerberized SSH

At FNAL Kerberized openssh is built for the FNAL flavour of Scientific Linux http://www-oss.fnal.gov/projects/fermilinux/common/kerberos.html. The kerberized openssh packages built by FNAL have the same name and occupy the same file positions as the normal openssh. Therefore on a normal Scientific LINUX machine where the FNAL build of openssh is installed any update of openssh will overwrite the FNAL RPM. To get around this problem the openssh RPM was built with a prefix and a different package name. The common and clients packages from this build

kerberized-openssh
kerberized-openssh-clients
are installed on every PPE desktop system. They can also be installed on PPE laptops as needed.


To use kerberized ssh:

1. Source one of the scripts depending on your shell1. For example a bash user would:

source /usr/fermi/kerberized-ssh/scripts/kerberized-ssh.sh

2. Generate a kerberos ticket.

kinit user

3. Connect to a remote machine.

ssh machine


(1) - After one of these scripts has been sourced users will be unable to use kerberos to access CERN's central cvs repository. Before trying to access CERN's repository unset KRB5_CONFIG via

unset KRB5_CONFIG

for bash users or

unsetenv KRB5_CONFIG

for tcsh users.

-- AndrewPickford - 13 Feb 2009

Topic revision: r1 - 2009-02-13 - AndrewPickford
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2017 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback