<noob> SSH with Kerberos from Windows XP - Kerberos

This is a discussion on <noob> SSH with Kerberos from Windows XP - Kerberos ; Hello everyone. I'm new here, so please don't hurt me. I want to use Kerberos authentication when SSHing from a home Windows XP machine to a remote network. How do I configure my PC? Client PC: * Microsoft Windows XP ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: <noob> SSH with Kerberos from Windows XP

  1. <noob> SSH with Kerberos from Windows XP

    Hello everyone. I'm new here, so please don't hurt me.

    I want to use Kerberos authentication when SSHing from a home Windows XP
    machine to a remote network. How do I configure my PC?



    Client PC:
    * Microsoft Windows XP Pro SP3
    * stand-alone home PC (domain = False)
    * I have the install CD

    User:
    * I'd prefer to use Microsoft's Kerberos if such a thing exists
    (MIT Kerberos has a stupid interface)
    * I use PuTTY for SSH
    * I have the QuestPuTTY mod
    * I like command-line
    * I don't like Cygwin

    Server:
    * Heimdal Kerberos
    * Debian Linux
    * I know the realm and KDC server address





    --
    Mantas Mikul─Śnas

  2. Re: <noob> SSH with Kerberos from Windows XP



    Mantas Mikul─Śnas wrote:
    > Hello everyone. I'm new here, so please don't hurt me.
    >
    > I want to use Kerberos authentication when SSHing from a home Windows XP
    > machine to a remote network. How do I configure my PC?
    >
    >
    >
    > Client PC:
    > * Microsoft Windows XP Pro SP3
    > * stand-alone home PC (domain = False)
    > * I have the install CD
    >
    > User:
    > * I'd prefer to use Microsoft's Kerberos if such a thing exists


    Yes and No. It is normally used only when the machine is joined
    to an AD domain, and the user logins in to the domain. This
    also implies AD is providing authorization data.

    But you could use the Windows ksetup command to set the name
    of the realm, and locations of the KDCs. Then use the Windows
    runas command to get a TGT usable only in the cmd.exe

    runas /netonly /user:user@REALM cmd.exe

    It will prompt for the Kerberos password. The TGT
    (You may need other parameters too.)
    you can then use the Windows klist command from this window
    to see the tickets, and start the Quest PuTTY. The PuTTY will
    use "SSPI" i.e. Windows GSSAPI to autheticate to a sshd
    with GSSAPI.

    cd \Program Files\Quest Software\PuTTY
    putty.exe -load my.host.profile

    > (MIT Kerberos has a stupid interface)


    A lot easier then what I just described above...

    > * I use PuTTY for SSH
    > * I have the QuestPuTTY mod
    > * I like command-line
    > * I don't like Cygwin
    >
    > Server:
    > * Heimdal Kerberos
    > * Debian Linux
    > * I know the realm and KDC server address
    >
    >
    >
    >
    >


    --

    Douglas E. Engert
    Argonne National Laboratory
    9700 South Cass Avenue
    Argonne, Illinois 60439
    (630) 252-5444

+ Reply to Thread