Authentication issue with kerberos gssapi on ssh












0















I am trying to login through ssh command to another host through Kerberos gssapi enabled but I am getting permission deny error message.



Following is command output



Administrator@bwin2k1664b-69 ~

$ ssh -K -vvv Administrator@bwin2k1664b-73

OpenSSH_7.9p1, OpenSSL 1.0.2p  14 Aug 2018

debug1: Reading configuration data /home/Administrator/.ssh/config

debug2: resolving "bwin2k1664b-73" port 22

debug2: ssh_connect_direct

debug1: Connecting to bwin2k1664b-73 [10.97.240.73] port 22.

debug1: Connection established.

debug1: identity file /home/Administrator/.ssh/id_rsa type -1

debug1: identity file /home/Administrator/.ssh/id_rsa-cert type -1

debug1: identity file /home/Administrator/.ssh/id_dsa type -1

debug1: identity file /home/Administrator/.ssh/id_dsa-cert type -1

debug1: identity file /home/Administrator/.ssh/id_ecdsa type -1

debug1: identity file /home/Administrator/.ssh/id_ecdsa-cert type -1

debug1: identity file /home/Administrator/.ssh/id_ed25519 type -1

debug1: identity file /home/Administrator/.ssh/id_ed25519-cert type -1

debug1: identity file /home/Administrator/.ssh/id_xmss type -1

debug1: identity file /home/Administrator/.ssh/id_xmss-cert type -1

debug1: Local version string SSH-2.0-OpenSSH_7.9

debug1: Remote protocol version 2.0, remote software version OpenSSH_7.9

debug1: match: OpenSSH_7.9 pat OpenSSH* compat 0x04000000

debug2: fd 3 setting O_NONBLOCK

debug1: Authenticating to bwin2k1664b-73:22 as 'Administrator'

debug3: hostkeys_foreach: reading file "/home/Administrator/.ssh/known_hosts"

debug3: record_hostkey: found key type ECDSA in file /home/Administrator/.ssh/known_hosts:3

debug3: load_hostkeys: loaded 1 keys from bwin2k1664b-73

debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521

debug3: send packet: type 20

debug1: SSH2_MSG_KEXINIT sent

debug3: receive packet: type 20

debug1: SSH2_MSG_KEXINIT received

debug2: local client KEXINIT proposal

debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c

debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa

debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com

debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com

debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1

debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1

debug2: compression ctos: none,zlib@openssh.com,zlib

debug2: compression stoc: none,zlib@openssh.com,zlib

debug2: languages ctos:

debug2: languages stoc:

debug2: first_kex_follows 0

debug2: reserved 0

debug2: peer server KEXINIT proposal

debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1

debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519

debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com

debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com

debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1

debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1

debug2: compression ctos: none,zlib@openssh.com

debug2: compression stoc: none,zlib@openssh.com

debug2: languages ctos:

debug2: languages stoc:

debug2: first_kex_follows 0

debug2: reserved 0

debug1: kex: algorithm: curve25519-sha256

debug1: kex: host key algorithm: ecdsa-sha2-nistp256

debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none

debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none

debug3: send packet: type 30

debug1: expecting SSH2_MSG_KEX_ECDH_REPLY

debug3: receive packet: type 31

debug1: Server host key: ecdsa-sha2-nistp256 SHA256:XxnuKY9kRRaRyjuKMX++YWeMISEKtzP/BwA0X3dxc1w

debug3: hostkeys_foreach: reading file "/home/Administrator/.ssh/known_hosts"

debug3: record_hostkey: found key type ECDSA in file /home/Administrator/.ssh/known_hosts:3

debug3: load_hostkeys: loaded 1 keys from bwin2k1664b-73

debug3: hostkeys_foreach: reading file "/home/Administrator/.ssh/known_hosts"

debug3: record_hostkey: found key type ECDSA in file /home/Administrator/.ssh/known_hosts:1

debug3: load_hostkeys: loaded 1 keys from 10.97.240.73

debug1: Host 'bwin2k1664b-73' is known and matches the ECDSA host key.

debug1: Found key in /home/Administrator/.ssh/known_hosts:3

debug3: send packet: type 21

debug2: set_newkeys: mode 1

debug1: rekey after 134217728 blocks

debug1: SSH2_MSG_NEWKEYS sent

debug1: expecting SSH2_MSG_NEWKEYS

debug3: receive packet: type 21

debug1: SSH2_MSG_NEWKEYS received

debug2: set_newkeys: mode 0

debug1: rekey after 134217728 blocks

debug1: Will attempt key: /home/Administrator/.ssh/id_rsa

debug1: Will attempt key: /home/Administrator/.ssh/id_dsa

debug1: Will attempt key: /home/Administrator/.ssh/id_ecdsa

debug1: Will attempt key: /home/Administrator/.ssh/id_ed25519

debug1: Will attempt key: /home/Administrator/.ssh/id_xmss

debug2: pubkey_prepare: done

debug3: send packet: type 5

debug3: receive packet: type 7

debug1: SSH2_MSG_EXT_INFO received

debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>

debug3: receive packet: type 6

debug2: service_accept: ssh-userauth

debug1: SSH2_MSG_SERVICE_ACCEPT received

debug3: send packet: type 50

debug3: receive packet: type 51

debug1: Authentications that can continue: publickey,gssapi-with-mic

debug3: start over, passed a different list publickey,gssapi-with-mic

debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password

debug3: authmethod_lookup gssapi-with-mic

debug3: remaining preferred: publickey,keyboard-interactive,password

debug3: authmethod_is_enabled gssapi-with-mic

debug1: Next authentication method: gssapi-with-mic

debug3: send packet: type 50

debug2: we sent a gssapi-with-mic packet, wait for reply

debug3: receive packet: type 51

debug1: Authentications that can continue: publickey,gssapi-with-mic

debug3: send packet: type 50

debug2: we sent a gssapi-with-mic packet, wait for reply

debug3: receive packet: type 51

debug1: Authentications that can continue: publickey,gssapi-with-mic

debug2: we did not send a packet, disable method

debug3: authmethod_lookup publickey

debug3: remaining preferred: keyboard-interactive,password

debug3: authmethod_is_enabled publickey

debug1: Next authentication method: publickey

debug1: Trying private key: /home/Administrator/.ssh/id_rsa

debug3: no such identity: /home/Administrator/.ssh/id_rsa: No such file or directory

debug1: Trying private key: /home/Administrator/.ssh/id_dsa

debug3: no such identity: /home/Administrator/.ssh/id_dsa: No such file or directory

debug1: Trying private key: /home/Administrator/.ssh/id_ecdsa

debug3: no such identity: /home/Administrator/.ssh/id_ecdsa: No such file or directory

debug1: Trying private key: /home/Administrator/.ssh/id_ed25519

debug3: no such identity: /home/Administrator/.ssh/id_ed25519: No such file or directory

debug1: Trying private key: /home/Administrator/.ssh/id_xmss

debug3: no such identity: /home/Administrator/.ssh/id_xmss: No such file or directory

debug2: we did not send a packet, disable method

debug1: No more authentication methods to try.

Administrator@bwin2k1664b-73: Permission denied (publickey,gssapi-with-mic).


do have following setting on server -



BWIN2K1664B-73+Administrator@bwin2k1664b-73 ~

$ cat .ssh/config

Host *.BWAMBW.com

    User Administrator

    GSSAPIAuthentication yes

    GSSAPIDelegateCredentials yes


In /etc/sshd_config file -



KerberosAuthentication yes

KerberosTicketCleanup yes



# GSSAPI options

GSSAPIAuthentication yes

GSSAPICleanupCredentials yes


Please note envs kdc, client and server are on windows platform. I am working through Cygwin.



Can someone please help me on this.



Let me know if you need further more information.



Thanks,
Hrushi






windows ssh cygwin kerberos







share|improve this question



























    0















    I am trying to login through ssh command to another host through Kerberos gssapi enabled but I am getting permission deny error message.



    Following is command output



    Administrator@bwin2k1664b-69 ~
    
$ ssh -K -vvv Administrator@bwin2k1664b-73
    
OpenSSH_7.9p1, OpenSSL 1.0.2p  14 Aug 2018
    
debug1: Reading configuration data /home/Administrator/.ssh/config
    
debug2: resolving "bwin2k1664b-73" port 22
    
debug2: ssh_connect_direct
    
debug1: Connecting to bwin2k1664b-73 [10.97.240.73] port 22.
    
debug1: Connection established.
    
debug1: identity file /home/Administrator/.ssh/id_rsa type -1
    
debug1: identity file /home/Administrator/.ssh/id_rsa-cert type -1
    
debug1: identity file /home/Administrator/.ssh/id_dsa type -1
    
debug1: identity file /home/Administrator/.ssh/id_dsa-cert type -1
    
debug1: identity file /home/Administrator/.ssh/id_ecdsa type -1
    
debug1: identity file /home/Administrator/.ssh/id_ecdsa-cert type -1
    
debug1: identity file /home/Administrator/.ssh/id_ed25519 type -1
    
debug1: identity file /home/Administrator/.ssh/id_ed25519-cert type -1
    
debug1: identity file /home/Administrator/.ssh/id_xmss type -1
    
debug1: identity file /home/Administrator/.ssh/id_xmss-cert type -1
    
debug1: Local version string SSH-2.0-OpenSSH_7.9
    
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.9
    
debug1: match: OpenSSH_7.9 pat OpenSSH* compat 0x04000000
    
debug2: fd 3 setting O_NONBLOCK
    
debug1: Authenticating to bwin2k1664b-73:22 as 'Administrator'
    
debug3: hostkeys_foreach: reading file "/home/Administrator/.ssh/known_hosts"
    
debug3: record_hostkey: found key type ECDSA in file /home/Administrator/.ssh/known_hosts:3
    
debug3: load_hostkeys: loaded 1 keys from bwin2k1664b-73
    
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
    
debug3: send packet: type 20
    
debug1: SSH2_MSG_KEXINIT sent
    
debug3: receive packet: type 20
    
debug1: SSH2_MSG_KEXINIT received
    
debug2: local client KEXINIT proposal
    
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
    
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
    
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
    
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
    
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
    
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
    
debug2: compression ctos: none,zlib@openssh.com,zlib
    
debug2: compression stoc: none,zlib@openssh.com,zlib
    
debug2: languages ctos:
    
debug2: languages stoc:
    
debug2: first_kex_follows 0
    
debug2: reserved 0
    
debug2: peer server KEXINIT proposal
    
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
    
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
    
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
    
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
    
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
    
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
    
debug2: compression ctos: none,zlib@openssh.com
    
debug2: compression stoc: none,zlib@openssh.com
    
debug2: languages ctos:
    
debug2: languages stoc:
    
debug2: first_kex_follows 0
    
debug2: reserved 0
    
debug1: kex: algorithm: curve25519-sha256
    
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
    
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
    
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
    
debug3: send packet: type 30
    
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    
debug3: receive packet: type 31
    
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:XxnuKY9kRRaRyjuKMX++YWeMISEKtzP/BwA0X3dxc1w
    
debug3: hostkeys_foreach: reading file "/home/Administrator/.ssh/known_hosts"
    
debug3: record_hostkey: found key type ECDSA in file /home/Administrator/.ssh/known_hosts:3
    
debug3: load_hostkeys: loaded 1 keys from bwin2k1664b-73
    
debug3: hostkeys_foreach: reading file "/home/Administrator/.ssh/known_hosts"
    
debug3: record_hostkey: found key type ECDSA in file /home/Administrator/.ssh/known_hosts:1
    
debug3: load_hostkeys: loaded 1 keys from 10.97.240.73
    
debug1: Host 'bwin2k1664b-73' is known and matches the ECDSA host key.
    
debug1: Found key in /home/Administrator/.ssh/known_hosts:3
    
debug3: send packet: type 21
    
debug2: set_newkeys: mode 1
    
debug1: rekey after 134217728 blocks
    
debug1: SSH2_MSG_NEWKEYS sent
    
debug1: expecting SSH2_MSG_NEWKEYS
    
debug3: receive packet: type 21
    
debug1: SSH2_MSG_NEWKEYS received
    
debug2: set_newkeys: mode 0
    
debug1: rekey after 134217728 blocks
    
debug1: Will attempt key: /home/Administrator/.ssh/id_rsa
    
debug1: Will attempt key: /home/Administrator/.ssh/id_dsa
    
debug1: Will attempt key: /home/Administrator/.ssh/id_ecdsa
    
debug1: Will attempt key: /home/Administrator/.ssh/id_ed25519
    
debug1: Will attempt key: /home/Administrator/.ssh/id_xmss
    
debug2: pubkey_prepare: done
    
debug3: send packet: type 5
    
debug3: receive packet: type 7
    
debug1: SSH2_MSG_EXT_INFO received
    
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
    
debug3: receive packet: type 6
    
debug2: service_accept: ssh-userauth
    
debug1: SSH2_MSG_SERVICE_ACCEPT received
    
debug3: send packet: type 50
    
debug3: receive packet: type 51
    
debug1: Authentications that can continue: publickey,gssapi-with-mic
    
debug3: start over, passed a different list publickey,gssapi-with-mic
    
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
    
debug3: authmethod_lookup gssapi-with-mic
    
debug3: remaining preferred: publickey,keyboard-interactive,password
    
debug3: authmethod_is_enabled gssapi-with-mic
    
debug1: Next authentication method: gssapi-with-mic
    
debug3: send packet: type 50
    
debug2: we sent a gssapi-with-mic packet, wait for reply
    
debug3: receive packet: type 51
    
debug1: Authentications that can continue: publickey,gssapi-with-mic
    
debug3: send packet: type 50
    
debug2: we sent a gssapi-with-mic packet, wait for reply
    
debug3: receive packet: type 51
    
debug1: Authentications that can continue: publickey,gssapi-with-mic
    
debug2: we did not send a packet, disable method
    
debug3: authmethod_lookup publickey
    
debug3: remaining preferred: keyboard-interactive,password
    
debug3: authmethod_is_enabled publickey
    
debug1: Next authentication method: publickey
    
debug1: Trying private key: /home/Administrator/.ssh/id_rsa
    
debug3: no such identity: /home/Administrator/.ssh/id_rsa: No such file or directory
    
debug1: Trying private key: /home/Administrator/.ssh/id_dsa
    
debug3: no such identity: /home/Administrator/.ssh/id_dsa: No such file or directory
    
debug1: Trying private key: /home/Administrator/.ssh/id_ecdsa
    
debug3: no such identity: /home/Administrator/.ssh/id_ecdsa: No such file or directory
    
debug1: Trying private key: /home/Administrator/.ssh/id_ed25519
    
debug3: no such identity: /home/Administrator/.ssh/id_ed25519: No such file or directory
    
debug1: Trying private key: /home/Administrator/.ssh/id_xmss
    
debug3: no such identity: /home/Administrator/.ssh/id_xmss: No such file or directory
    
debug2: we did not send a packet, disable method
    
debug1: No more authentication methods to try.
    
Administrator@bwin2k1664b-73: Permission denied (publickey,gssapi-with-mic).


    do have following setting on server -



    BWIN2K1664B-73+Administrator@bwin2k1664b-73 ~
    
$ cat .ssh/config
    
Host *.BWAMBW.com
    
    User Administrator
    
    GSSAPIAuthentication yes
    
    GSSAPIDelegateCredentials yes


    In /etc/sshd_config file -



    KerberosAuthentication yes
    
KerberosTicketCleanup yes
    

    
# GSSAPI options
    
GSSAPIAuthentication yes
    
GSSAPICleanupCredentials yes


    Please note envs kdc, client and server are on windows platform. I am working through Cygwin.



    Can someone please help me on this.



    Let me know if you need further more information.



    Thanks,
    Hrushi






    windows ssh cygwin kerberos







    share|improve this question

























      0












      0








      0








      I am trying to login through ssh command to another host through Kerberos gssapi enabled but I am getting permission deny error message.



      Following is command output



      Administrator@bwin2k1664b-69 ~
      
$ ssh -K -vvv Administrator@bwin2k1664b-73
      
OpenSSH_7.9p1, OpenSSL 1.0.2p  14 Aug 2018
      
debug1: Reading configuration data /home/Administrator/.ssh/config
      
debug2: resolving "bwin2k1664b-73" port 22
      
debug2: ssh_connect_direct
      
debug1: Connecting to bwin2k1664b-73 [10.97.240.73] port 22.
      
debug1: Connection established.
      
debug1: identity file /home/Administrator/.ssh/id_rsa type -1
      
debug1: identity file /home/Administrator/.ssh/id_rsa-cert type -1
      
debug1: identity file /home/Administrator/.ssh/id_dsa type -1
      
debug1: identity file /home/Administrator/.ssh/id_dsa-cert type -1
      
debug1: identity file /home/Administrator/.ssh/id_ecdsa type -1
      
debug1: identity file /home/Administrator/.ssh/id_ecdsa-cert type -1
      
debug1: identity file /home/Administrator/.ssh/id_ed25519 type -1
      
debug1: identity file /home/Administrator/.ssh/id_ed25519-cert type -1
      
debug1: identity file /home/Administrator/.ssh/id_xmss type -1
      
debug1: identity file /home/Administrator/.ssh/id_xmss-cert type -1
      
debug1: Local version string SSH-2.0-OpenSSH_7.9
      
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.9
      
debug1: match: OpenSSH_7.9 pat OpenSSH* compat 0x04000000
      
debug2: fd 3 setting O_NONBLOCK
      
debug1: Authenticating to bwin2k1664b-73:22 as 'Administrator'
      
debug3: hostkeys_foreach: reading file "/home/Administrator/.ssh/known_hosts"
      
debug3: record_hostkey: found key type ECDSA in file /home/Administrator/.ssh/known_hosts:3
      
debug3: load_hostkeys: loaded 1 keys from bwin2k1664b-73
      
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
      
debug3: send packet: type 20
      
debug1: SSH2_MSG_KEXINIT sent
      
debug3: receive packet: type 20
      
debug1: SSH2_MSG_KEXINIT received
      
debug2: local client KEXINIT proposal
      
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
      
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
      
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
      
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
      
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
      
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
      
debug2: compression ctos: none,zlib@openssh.com,zlib
      
debug2: compression stoc: none,zlib@openssh.com,zlib
      
debug2: languages ctos:
      
debug2: languages stoc:
      
debug2: first_kex_follows 0
      
debug2: reserved 0
      
debug2: peer server KEXINIT proposal
      
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
      
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
      
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
      
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
      
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
      
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
      
debug2: compression ctos: none,zlib@openssh.com
      
debug2: compression stoc: none,zlib@openssh.com
      
debug2: languages ctos:
      
debug2: languages stoc:
      
debug2: first_kex_follows 0
      
debug2: reserved 0
      
debug1: kex: algorithm: curve25519-sha256
      
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
      
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
      
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
      
debug3: send packet: type 30
      
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
      
debug3: receive packet: type 31
      
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:XxnuKY9kRRaRyjuKMX++YWeMISEKtzP/BwA0X3dxc1w
      
debug3: hostkeys_foreach: reading file "/home/Administrator/.ssh/known_hosts"
      
debug3: record_hostkey: found key type ECDSA in file /home/Administrator/.ssh/known_hosts:3
      
debug3: load_hostkeys: loaded 1 keys from bwin2k1664b-73
      
debug3: hostkeys_foreach: reading file "/home/Administrator/.ssh/known_hosts"
      
debug3: record_hostkey: found key type ECDSA in file /home/Administrator/.ssh/known_hosts:1
      
debug3: load_hostkeys: loaded 1 keys from 10.97.240.73
      
debug1: Host 'bwin2k1664b-73' is known and matches the ECDSA host key.
      
debug1: Found key in /home/Administrator/.ssh/known_hosts:3
      
debug3: send packet: type 21
      
debug2: set_newkeys: mode 1
      
debug1: rekey after 134217728 blocks
      
debug1: SSH2_MSG_NEWKEYS sent
      
debug1: expecting SSH2_MSG_NEWKEYS
      
debug3: receive packet: type 21
      
debug1: SSH2_MSG_NEWKEYS received
      
debug2: set_newkeys: mode 0
      
debug1: rekey after 134217728 blocks
      
debug1: Will attempt key: /home/Administrator/.ssh/id_rsa
      
debug1: Will attempt key: /home/Administrator/.ssh/id_dsa
      
debug1: Will attempt key: /home/Administrator/.ssh/id_ecdsa
      
debug1: Will attempt key: /home/Administrator/.ssh/id_ed25519
      
debug1: Will attempt key: /home/Administrator/.ssh/id_xmss
      
debug2: pubkey_prepare: done
      
debug3: send packet: type 5
      
debug3: receive packet: type 7
      
debug1: SSH2_MSG_EXT_INFO received
      
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
      
debug3: receive packet: type 6
      
debug2: service_accept: ssh-userauth
      
debug1: SSH2_MSG_SERVICE_ACCEPT received
      
debug3: send packet: type 50
      
debug3: receive packet: type 51
      
debug1: Authentications that can continue: publickey,gssapi-with-mic
      
debug3: start over, passed a different list publickey,gssapi-with-mic
      
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
      
debug3: authmethod_lookup gssapi-with-mic
      
debug3: remaining preferred: publickey,keyboard-interactive,password
      
debug3: authmethod_is_enabled gssapi-with-mic
      
debug1: Next authentication method: gssapi-with-mic
      
debug3: send packet: type 50
      
debug2: we sent a gssapi-with-mic packet, wait for reply
      
debug3: receive packet: type 51
      
debug1: Authentications that can continue: publickey,gssapi-with-mic
      
debug3: send packet: type 50
      
debug2: we sent a gssapi-with-mic packet, wait for reply
      
debug3: receive packet: type 51
      
debug1: Authentications that can continue: publickey,gssapi-with-mic
      
debug2: we did not send a packet, disable method
      
debug3: authmethod_lookup publickey
      
debug3: remaining preferred: keyboard-interactive,password
      
debug3: authmethod_is_enabled publickey
      
debug1: Next authentication method: publickey
      
debug1: Trying private key: /home/Administrator/.ssh/id_rsa
      
debug3: no such identity: /home/Administrator/.ssh/id_rsa: No such file or directory
      
debug1: Trying private key: /home/Administrator/.ssh/id_dsa
      
debug3: no such identity: /home/Administrator/.ssh/id_dsa: No such file or directory
      
debug1: Trying private key: /home/Administrator/.ssh/id_ecdsa
      
debug3: no such identity: /home/Administrator/.ssh/id_ecdsa: No such file or directory
      
debug1: Trying private key: /home/Administrator/.ssh/id_ed25519
      
debug3: no such identity: /home/Administrator/.ssh/id_ed25519: No such file or directory
      
debug1: Trying private key: /home/Administrator/.ssh/id_xmss
      
debug3: no such identity: /home/Administrator/.ssh/id_xmss: No such file or directory
      
debug2: we did not send a packet, disable method
      
debug1: No more authentication methods to try.
      
Administrator@bwin2k1664b-73: Permission denied (publickey,gssapi-with-mic).


      do have following setting on server -



      BWIN2K1664B-73+Administrator@bwin2k1664b-73 ~
      
$ cat .ssh/config
      
Host *.BWAMBW.com
      
    User Administrator
      
    GSSAPIAuthentication yes
      
    GSSAPIDelegateCredentials yes


      In /etc/sshd_config file -



      KerberosAuthentication yes
      
KerberosTicketCleanup yes
      

      
# GSSAPI options
      
GSSAPIAuthentication yes
      
GSSAPICleanupCredentials yes


      Please note envs kdc, client and server are on windows platform. I am working through Cygwin.



      Can someone please help me on this.



      Let me know if you need further more information.



      Thanks,
      Hrushi






      windows ssh cygwin kerberos







      share|improve this question














      I am trying to login through ssh command to another host through Kerberos gssapi enabled but I am getting permission deny error message.



      Following is command output



      Administrator@bwin2k1664b-69 ~
      
$ ssh -K -vvv Administrator@bwin2k1664b-73
      
OpenSSH_7.9p1, OpenSSL 1.0.2p  14 Aug 2018
      
debug1: Reading configuration data /home/Administrator/.ssh/config
      
debug2: resolving "bwin2k1664b-73" port 22
      
debug2: ssh_connect_direct
      
debug1: Connecting to bwin2k1664b-73 [10.97.240.73] port 22.
      
debug1: Connection established.
      
debug1: identity file /home/Administrator/.ssh/id_rsa type -1
      
debug1: identity file /home/Administrator/.ssh/id_rsa-cert type -1
      
debug1: identity file /home/Administrator/.ssh/id_dsa type -1
      
debug1: identity file /home/Administrator/.ssh/id_dsa-cert type -1
      
debug1: identity file /home/Administrator/.ssh/id_ecdsa type -1
      
debug1: identity file /home/Administrator/.ssh/id_ecdsa-cert type -1
      
debug1: identity file /home/Administrator/.ssh/id_ed25519 type -1
      
debug1: identity file /home/Administrator/.ssh/id_ed25519-cert type -1
      
debug1: identity file /home/Administrator/.ssh/id_xmss type -1
      
debug1: identity file /home/Administrator/.ssh/id_xmss-cert type -1
      
debug1: Local version string SSH-2.0-OpenSSH_7.9
      
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.9
      
debug1: match: OpenSSH_7.9 pat OpenSSH* compat 0x04000000
      
debug2: fd 3 setting O_NONBLOCK
      
debug1: Authenticating to bwin2k1664b-73:22 as 'Administrator'
      
debug3: hostkeys_foreach: reading file "/home/Administrator/.ssh/known_hosts"
      
debug3: record_hostkey: found key type ECDSA in file /home/Administrator/.ssh/known_hosts:3
      
debug3: load_hostkeys: loaded 1 keys from bwin2k1664b-73
      
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
      
debug3: send packet: type 20
      
debug1: SSH2_MSG_KEXINIT sent
      
debug3: receive packet: type 20
      
debug1: SSH2_MSG_KEXINIT received
      
debug2: local client KEXINIT proposal
      
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
      
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
      
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
      
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
      
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
      
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
      
debug2: compression ctos: none,zlib@openssh.com,zlib
      
debug2: compression stoc: none,zlib@openssh.com,zlib
      
debug2: languages ctos:
      
debug2: languages stoc:
      
debug2: first_kex_follows 0
      
debug2: reserved 0
      
debug2: peer server KEXINIT proposal
      
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
      
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
      
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
      
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
      
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
      
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
      
debug2: compression ctos: none,zlib@openssh.com
      
debug2: compression stoc: none,zlib@openssh.com
      
debug2: languages ctos:
      
debug2: languages stoc:
      
debug2: first_kex_follows 0
      
debug2: reserved 0
      
debug1: kex: algorithm: curve25519-sha256
      
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
      
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
      
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
      
debug3: send packet: type 30
      
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
      
debug3: receive packet: type 31
      
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:XxnuKY9kRRaRyjuKMX++YWeMISEKtzP/BwA0X3dxc1w
      
debug3: hostkeys_foreach: reading file "/home/Administrator/.ssh/known_hosts"
      
debug3: record_hostkey: found key type ECDSA in file /home/Administrator/.ssh/known_hosts:3
      
debug3: load_hostkeys: loaded 1 keys from bwin2k1664b-73
      
debug3: hostkeys_foreach: reading file "/home/Administrator/.ssh/known_hosts"
      
debug3: record_hostkey: found key type ECDSA in file /home/Administrator/.ssh/known_hosts:1
      
debug3: load_hostkeys: loaded 1 keys from 10.97.240.73
      
debug1: Host 'bwin2k1664b-73' is known and matches the ECDSA host key.
      
debug1: Found key in /home/Administrator/.ssh/known_hosts:3
      
debug3: send packet: type 21
      
debug2: set_newkeys: mode 1
      
debug1: rekey after 134217728 blocks
      
debug1: SSH2_MSG_NEWKEYS sent
      
debug1: expecting SSH2_MSG_NEWKEYS
      
debug3: receive packet: type 21
      
debug1: SSH2_MSG_NEWKEYS received
      
debug2: set_newkeys: mode 0
      
debug1: rekey after 134217728 blocks
      
debug1: Will attempt key: /home/Administrator/.ssh/id_rsa
      
debug1: Will attempt key: /home/Administrator/.ssh/id_dsa
      
debug1: Will attempt key: /home/Administrator/.ssh/id_ecdsa
      
debug1: Will attempt key: /home/Administrator/.ssh/id_ed25519
      
debug1: Will attempt key: /home/Administrator/.ssh/id_xmss
      
debug2: pubkey_prepare: done
      
debug3: send packet: type 5
      
debug3: receive packet: type 7
      
debug1: SSH2_MSG_EXT_INFO received
      
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
      
debug3: receive packet: type 6
      
debug2: service_accept: ssh-userauth
      
debug1: SSH2_MSG_SERVICE_ACCEPT received
      
debug3: send packet: type 50
      
debug3: receive packet: type 51
      
debug1: Authentications that can continue: publickey,gssapi-with-mic
      
debug3: start over, passed a different list publickey,gssapi-with-mic
      
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
      
debug3: authmethod_lookup gssapi-with-mic
      
debug3: remaining preferred: publickey,keyboard-interactive,password
      
debug3: authmethod_is_enabled gssapi-with-mic
      
debug1: Next authentication method: gssapi-with-mic
      
debug3: send packet: type 50
      
debug2: we sent a gssapi-with-mic packet, wait for reply
      
debug3: receive packet: type 51
      
debug1: Authentications that can continue: publickey,gssapi-with-mic
      
debug3: send packet: type 50
      
debug2: we sent a gssapi-with-mic packet, wait for reply
      
debug3: receive packet: type 51
      
debug1: Authentications that can continue: publickey,gssapi-with-mic
      
debug2: we did not send a packet, disable method
      
debug3: authmethod_lookup publickey
      
debug3: remaining preferred: keyboard-interactive,password
      
debug3: authmethod_is_enabled publickey
      
debug1: Next authentication method: publickey
      
debug1: Trying private key: /home/Administrator/.ssh/id_rsa
      
debug3: no such identity: /home/Administrator/.ssh/id_rsa: No such file or directory
      
debug1: Trying private key: /home/Administrator/.ssh/id_dsa
      
debug3: no such identity: /home/Administrator/.ssh/id_dsa: No such file or directory
      
debug1: Trying private key: /home/Administrator/.ssh/id_ecdsa
      
debug3: no such identity: /home/Administrator/.ssh/id_ecdsa: No such file or directory
      
debug1: Trying private key: /home/Administrator/.ssh/id_ed25519
      
debug3: no such identity: /home/Administrator/.ssh/id_ed25519: No such file or directory
      
debug1: Trying private key: /home/Administrator/.ssh/id_xmss
      
debug3: no such identity: /home/Administrator/.ssh/id_xmss: No such file or directory
      
debug2: we did not send a packet, disable method
      
debug1: No more authentication methods to try.
      
Administrator@bwin2k1664b-73: Permission denied (publickey,gssapi-with-mic).


      do have following setting on server -



      BWIN2K1664B-73+Administrator@bwin2k1664b-73 ~
      
$ cat .ssh/config
      
Host *.BWAMBW.com
      
    User Administrator
      
    GSSAPIAuthentication yes
      
    GSSAPIDelegateCredentials yes


      In /etc/sshd_config file -



      KerberosAuthentication yes
      
KerberosTicketCleanup yes
      

      
# GSSAPI options
      
GSSAPIAuthentication yes
      
GSSAPICleanupCredentials yes


      Please note envs kdc, client and server are on windows platform. I am working through Cygwin.



      Can someone please help me on this.



      Let me know if you need further more information.



      Thanks,
      Hrushi






      windows ssh cygwin kerberos




      windows ssh cygwin kerberos






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Jan 23 at 12:57









      HrushiHrushi

      63




      63






















          0






          active

          oldest

          votes











          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "3"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1397450%2fauthentication-issue-with-kerberos-gssapi-on-ssh%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          0






          active

          oldest

          votes








          0






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes
















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Super User!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1397450%2fauthentication-issue-with-kerberos-gssapi-on-ssh%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          -

          Popular posts from this blog

          Сан-Квентин

          Image
          Сан-Квентин Местоположение Сан-Квентин, Калифорния Координаты 37°56′13″ с. ш. 122°29′20″ з. д. H G Я O L Текущий статус Действует Режим безопасности минимальный и максимальный Количество мест 3 302 Открытие Июнь 1852 Находится в ведомстве California Department of Corrections and Rehabilitation Начальник Mike Martel, начальник  Сан-Квентин на Викискладе Сан-Квентин (англ.  San Quentin ) — тюрьма, располагающаяся на 432 акрах (около 1,7 км²), на мысе Сан-Квентин, в округе Марин, штат Калифорния, США. Тюрьма штата Калифорния Сан-Квентин была открыта в июле 1852 года и является старейшей в штате. Она была построена заключёнными, которые проживали в течение строительства на тюремном судне Вабан. В Сан-Квентине отбывали наказание и мужчины, и женщины до 1934 года, когда построили женскую тюрьму в Техачапи и туда перевели всех заключённых женщин. В Сан-Квентине приводятся в исполнение смертные казни, для этого имеется газовая камера, но
          Read more

          Алькесар

          Image
          Муниципалитет Алькесар Alquézar Герб 42°10′16″ с. ш. 0°01′27″ в. д. H G Я O L Страна Испания   Испания Автономное сообщество Арагон Провинция Уэска Комарка Сомонтано-де-Барбастро Алькальд Хосе Марияно Альтемир Ласкорс (ИСРП) История и география Площадь 32,36 км² Высота НУМ 660 м Часовой пояс UTC+1, летом UTC+2 Население Население 313 человек ( 2010 ) Плотность 9,92 чел./км² Этнохороним alquezarano/-a Цифровые идентификаторы Телефонный код +34 974 Почтовые индексы 22112 Автомобильный код HU alquezar.org   (исп.) Показать/скрыть карты Алькесар Алькесар Алькесар  Аудио, фото и видео на Викискладе Алькесар (исп.  Alquézar ) — муниципалитет в Испании, входит в провинцию Уэска, в составе автономного сообщества Арагон. Муниципалитет находится в составе района (комарки) Сомонтано-де-Барбастро. Занимает площадь 32,36 км². Население — 321 челове
          Read more

          Josef Freinademetz

          Image
          San Ujöp (Giuseppe/Josef) Freinademetz Josef Freinademetz in abiti cinesi   Religioso e missionario   Nascita 15 aprile 1852 Morte 28 gennaio 1908 Venerato da Chiesa cattolica Beatificazione 1975 Canonizzazione 5 ottobre 2003 Ricorrenza 28 gennaio Manuale Ujöp Freinademetz noto anche come Giuseppe o Josef Freinademetz (Oies, 15 aprile 1852 – Taikia, 28 gennaio 1908) è stato un presbitero austriaco, membro della Società del Verbo Divino, fu missionario in Cina; è venerato come santo dalla Chiesa cattolica. .mw-parser-output .citazione-table{margin-bottom:.5em;font-size:95%}.mw-parser-output .citazione-table td{padding:0 1.2em 0 2.4em}.mw-parser-output .citazione-lang{vertical-align:top}.mw-parser-output .citazione-lang td{width:50%}.mw-parser-output .citazione-lang td:first-child{padding:0 0 0 2.4em}.mw-parser-output .citazione-lang td:nth-child(2){padding:0 1.2em} «Io amo la Cina e i cinesi; voglio morire in mezzo a loro, e tra loro
          Read more