Ubuntu :: Ticket Forwarding / GSSAPI / Failed Gssapi-with-mic
Dec 11, 2010
I am trying to get kerberos ticket forwarding via SSH to work between RHEL and Ubuntu. It is working, when connecting from Ubuntu to RHEL, but not the other way round. (It also works between RHEL machines.) I have enabled the GSSAPI features in both SSH client and server, checked keytabs and verified, that my ticket is forwardable.
Any idea, how to get more information? Could it have s. th. to do with using allow_weak_crypto=yes in our krb5.conf? I have to use that, because our kerberos server only supports DES encryption.
View 2 Replies
ADVERTISEMENT
May 13, 2011
I'm trying to login to a server using gssapi-with-mic authentication against one of my school's machines that supports this mode of authentication. I have these kerberos packages installed:
batrick@menzoberranzan:~$ dpkg -l | grep krb
ii krb5-config 2.2 Configuration files for Kerberos Version 5
[code]....
View 1 Replies
View Related
May 5, 2011
I've managed to get my Fedora box authenticate to AD with NSS_LDAP module with SSL working. I would like to bring this authentication to the next step by using SASL /GSSAPI, however I find very little / no documentation exist on this topic? I was wondering does anyone know where I can get the documentation on how to setup NSS_LDAP talking to AD with SASL/GSSAPI?
View 3 Replies
View Related
Jan 15, 2010
I have a Kerberos/LDAP/OpenAFS server running on Debian lenny, set up according to Davor Ocelic's excellent guide here (url). SSHd has ben configured to use GSSAPI auth and the clients have been configured to pass auth tokens through to the server.
My clients are all Ubuntu 9.10 x86 fully patched. On the clients, OpenAFS has been compiled and installed as a kernel module and git 1.6.6 has been compiled from source and installed. Otherwise, all software is stock Ubuntu repository-ware.
The setup is working fine as long as I connect to the primary server using its hostname:
peter@client01:~$ ssh nana
<connection goes through seamlessly without prompting>
peter@nana:~$
If I try to connect via a DNS alias (actually a second CNAME record), I get:
peter@client01:~$ ssh git1
peter@git1's password:
<connection completes>
peter@nana:~$
I need both passwordless auth and the DNS alias working, as it's internal policy that user connections are only ever made to service names, not real hostnames.
I have tried adding a second host principal to Kerberos for the alias (git1.darling.local) in addition to the host principal for the hostname (nana.darling.local).
If I turn off PasswordAuthentication in sshd_config, then "ssh git1" doesn't even fall through to passwords; it just denies logins. So it looks like it's not even using GSSAPI for the DNS alias.
So:
1) Is what I want even possible? I can't find anything that indicates that there's anything odd about DNS aliases such that this should happen.
2) Which config files should I post to help debug this? There's a lot and I didn't want to start blarfing them here if they aren't helpful.
View 1 Replies
View Related
Feb 4, 2011
I'm having a remote server running SSH, I use the scp from my local computer like this:scp filename.txt username@IP:Port:home/usernameit asks for the password, I supply it, he doesn't accept it for 3 times and then I get "Permission denied (publickey,gssapi-with-mic,password)"
View 1 Replies
View Related
May 15, 2011
I want to create a tunnel from my home computer to a linux server by SSH, then i can use the tunnel as a tcp forwarding proxy(SOCK 5) to access the web via the linux server. But i got "Internet Explorer cannot display the webpage" on my home computer, and when i check the "/var/log/secure" in the linux server(fedora), I found: "sshd[17926]: error: connect to xx.xx.xx.xx port 80 failed: Permission denied"
View 14 Replies
View Related
Mar 31, 2011
I also had ever tried all methods they mentioned, but my problem is still there. I am using a MAC OS X 10.6 ssh a remote redhat server. I hope to see X of redhat on my own MAC. Below is what I've done: 'MAC_ip' stands for my mac; 'redhat_ip' stands for redhat server.
1) ssh to redhat server
2) change to root
3) type command: DISPLAY=MAC_ip:0.0
4) type command: export
5) Back to MAC
6) change to root
7) type command: xhost +Redhat_ip
8) vim /etc/ssh_config, add X11Forwarding yes
9) Back to redhat, type: xclock
I got below message: Error: Can't open display: MAC_ip:0.0 I also tried some methods to login as others suggested:
[Code]....
View 10 Replies
View Related
Aug 7, 2010
When I use the following command:
ssh user@ssh_server -L 5500:localhost:5500 -p 22
everything works fine. I can log in, and local port forwarding is done. Otherwise when I use the command:
ssh user@ssh_server -R 5500:localhost:5500 -p 22
I get an error "remote port forwarding failed for listen port 5500". However when I try remote port forwarding in WinXP by use of putty there is no problem...
View 2 Replies
View Related
Jul 20, 2010
I tried to make "ssh tunneling", but failed and got this message.
Quote:
Administrator@windstory-PC /
$ ssh -R 7869:localhost:7869 windowsstudy@192.168.0.4
windowsstudy@192.168.0.4's password:
Warning: remote port forwarding failed for listen port 7869 Last login: Wed Jul 21 01:56:04 2010 from 192.168.0.2 -bash-3.2$
1. system environment
192.168.0.2 - windows 7 + copssh
192.168.0.4 - centos 5.4 x86 + openssh
2. Guide for setting "ssh tunneling"
[URL]
3. Added this to sshd.conf
Quote:
AllowTcpForwarding yes
4. "netstat -na|grep 7869" at 192.168.0.4
Quote:
[root:maestro:~]# netstat -na|grep 7869
tcp 0 0 0.0.0.0:7869 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:7869 127.0.0.1:53539 ESTABLISHED
[code]....
5. result of "ssh -vvv -R 7869:localhost:7869 windowsstudy@192.168.0.4"
Quote:
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
[code]....
6. I added 7869 for telnet service as follow;
Quote:
mytelnet 7869/tcp # My Telnet server
View 1 Replies
View Related
Dec 12, 2009
I have just set up shorewall on my router running Arch Linux. The external network is on eth0 and the internal network on eth1.I have set it up for masquerading and that works fine and I can open ports to the firewall. But I'm having trouble with port forwarding to my internal machines.The problem I have is that when port 22350 is forwarded to 192.168.1.3 on my local network, checking the port with nmap from a remote computer gives me:
Code:
PORT STATE SERVICE
22350/tcp closed unknown
[code]....
View 2 Replies
View Related
Mar 30, 2011
Using "ssh -X user@server", it's easy to run programs on the server and see their GUI on the client machine. But I want to run the complete gdm on the server so it shows me Gnome login (for example on the vt8; accessible by Ctrl+Alt+F8 ) and when I login, I could work on remote machine while local display is in use via ssh X forwarding. I know that usual solution is to use VNC for remote desktop functionality, but I want ssh X forwarding / gdm combination. Is it possible?
Also I tried "ssh -Xf user@server gdm" and running another X server on my local machine, but it fails sine there is ANOTHER gdm already running on the remote server (of course I do not want to kill it) and I could not find anyway for running two gdm instances on one machine too (at least till now).
View 1 Replies
View Related
Mar 31, 2010
When the RPM runs it come up with this error. How do I install the required dependencies? I have added more repositories, but still there are a few dependencies missing. Is there a zypper/sudo -get or something available? Opensuse 11.1 Gnome
[code]...
View 4 Replies
View Related
Jan 24, 2010
I am having issues with the DREADED port forwarding. *why* is this important? *why* does it become such a chore to change? trying to run xlink kai on karmic. i have access to the routers in the house. the primary (#1) router is a standard issue Linksys, the other router is my DDWRT router which connects wirelessly to #1.
View 3 Replies
View Related
Mar 18, 2010
I'm looking to setup X11 forwarding on my machine and secure it either with a vpn or ssh. A portable x11 client is need for access on the go. I am not sure if I am over complicating the issue but security is a must and some app I can run in windows on a thumb drive is a must.
View 4 Replies
View Related
Oct 28, 2010
i have already changed the sshd_config file but anyone who logs in can access to the internet what should i do?
View 5 Replies
View Related
Nov 21, 2010
I have a ubuntu 9.10 on my desktop in my office and I have another ubuntu on my home desktop. Both machines are behind a router. I guess many people have already asked the same question: how to remote control the office desktop from my home desktop?Many posts discussed about solving this by setting up ssh and port forwarding. But my situation is that I cannot control the router in my office so I cannot set up any port forwarding for my office desktop. So I guess my question becomes how to remote control my office desktop without setting up any port forwarding on the office router.
View 3 Replies
View Related
Mar 26, 2011
I currently use a commercial VPN when working overseas for secure internet access.
I now also need to VNC to a home ubuntu desktop (which runs software 24/7 that I need to periodically check).
When overseas, I use a Ubuntu laptop and an Android tablet.
For the VNC I intend to use an SSH tunnel. So my question is: should I ALSO set up openVPN on the home computer (so I can stop paying for a commercial provider which routes all my traffic twice across the Atlantic...) or is it easier/better to use the SSH tunnel for the secure webbrowsing too? Something like a SOCKS proxy?
View 8 Replies
View Related
May 12, 2011
I followed this guide to forward root's mail.Can it be set up so that mail messages get deleted after being forwarded?
View 1 Replies
View Related
Jul 13, 2011
I'm trying to set up my mythtv backend on a headless box. The many tutorials out there tell you to run mythtv-setup from a machine with a display by x forwarding through ssh.
Code:
ssh -X username@ipaddress /usr/bin/mythtv-setup
The x forwarding works fine except that the first part of the mythtv-setup requires you to stop the mythtv-backend process which you have to do as root. It brings up a box asking for your password (much like is would if you just typed sudo xxxxxxx in the terminal) but it won't accept the password. Looking in the auth log it seems that it can't authenticate
Code:
Jul 13 11:21:08 server su[21869]: pam_unix(su:auth): authentication failure; logname= uid=1000 euid=0 tty=/dev/pts/1 ruser=administrator rhost= user=root
Jul 13 11:21:10 server su[21869]: pam_authenticate: Authentication failure
[code].....
Now I know that my account (administrator) can have root privileges because I can sudo xxxx to my hearts content via ssh in the terminal, but it seems to not work when it's being requested from a forwarded X window....
View 2 Replies
View Related
Jan 6, 2010
Pre-exsisting issue from 9.04 server, and has never worked right for me. When I try to open an X11 forwarded app on a mac using the command "ssh -X myusername@serverIP" Other linux machines have similar issues from terminal. I can login just fine and preform any actions I want that do not require X11 forwarding, like say firefox or a manager. I just get the error "Error: no display specified" when trying to do anything with X11 forwarding. I have almost no Linux experience but from tinkering and my friends tinkering wonder if I have a x authority issue.
At one point I had ubuntu desktop package installed (forwarding still did not work then), did a unclean uninstall of it installed Xubuntu. Xubuntu did nothing but throw fits saying I did not have authority to preform all sorts of actions, many relating to root access. This box is meant to be a headless file, print and web server with the ability to login remotely as a convince for administration. I have given up on having a working GUI of any kind on this box. I really do not want to reinstall because of the amount of data on the main partition. What can I start trying to look into?
View 1 Replies
View Related
Jan 6, 2010
I have Ubuntu 9.10 PC on my home network acting as a VPN gateway. It is using vpnc & iptables to provide access to the remote network - other computers on my local network have routing rules in place to go via the Ubuntu gateway if trying to reach an IP on the remote network. This works just fine, except DNS lookups for names on the remote network don't work.
I'm trying to solve this by using Bind9 on the gateway, so it can act as DNS for the local network. I don't want to create excess VPN traffic or load on the remote DNS, so I want the gateway to forward the lookup to my ISPs DNS first and if the name is not found then try the remote network DNS. Is this possible, or is there another (better) way around this? The Bind9 configs seem to admit multiple DNSs, but use them in a failover sense - only using secondary DNSs when the first one in the list is not reachable at all.
View 1 Replies
View Related
Jan 15, 2010
is it possible to stream a window from X, as opposed to forwarding it over SSH? I've used X-forwarding before so that I could ssh into another computer and open up a graphical program and have it show up on mine. But as far as I know, that window only opens on your computer, not on the computer the program is actually running on. Is it possible for me to open a window on my computer, and to sort of X stream it to another computer that has X so they can watch what I'm doing in that window?
View 1 Replies
View Related
Jan 31, 2010
I have a script to establish a reverse tunnel with other machine,My problem is to stop the tunnel. If I just kill the PID at sshtunnel.pids, ssh does not release the ports at the server side, so any new connection will fail for several minutes.Is there any way to signal SSH to exit gracefully?
View 5 Replies
View Related
Feb 4, 2010
Up to now I've been playing with Ubuntu whilst storing important data elsewhere for about 2 years. Now I'm ready to move to Ubuntu completely but want to address my security.I'm currently using a desktop and server behind a hardware firewall / Internet router. The router has DynDNS and forwards port 80 to the webserver and a port I picked at random to the desktop 22 for SSH with private keys. SSH passwords are disabled.
The first question is, is there a danger of running different security levels on the two machines? I don't care about the server, there is no data on it so I currently forward port 80 and am considering forwarding ports 631 (CUPS) and a port for LDAP. Will this effect my desktop (which has info I don't want to loose).The next question is whether port forwarding / hardware firewall is actually a safeguard against attack.
View 3 Replies
View Related
Feb 20, 2010
This should be easy but for some reason its not working. I don't have admin rights on one of my local networks to open the firewall for port 80 to make my server accessible remotely (from the internet). I have a remote server (OpenVZ VPS) and I want to port forward so that [url]:8080 will point to my localhost:80 from the internet itself (i can get it to work on the remote VPS server's local network)...
How could I accomplish this? Basically, I am trying to serve webpages from behind a firewall using a VPS as a hub.
View 4 Replies
View Related
Apr 30, 2010
At work we are planning on migrating XP machines to ubuntu, and from there connect via remote desktop to a Windows Server 2008. That part is working perfectly, but our problem now is how to set up ubuntu to "share" the local webcam, so it can be used from the remote session in the server. Going through rdesktop man page there is a redirection option, but doesn't say anything about USB devices.
View 1 Replies
View Related
May 6, 2010
would it be possible for anyone to give me step-by-step instructions on how to set up port forwarding on my laptop? I've been using Karmic Koala and just upgraded to Lucid Lynx and not really bothered to port-forward before, so not too sure where to start - googling gives me a lot of terms I don't understand.
View 1 Replies
View Related
May 13, 2010
I'm trying to SSH into my home computer from a remote location outside of my house's LAN and can't figure out remote port fowarding.
The guide here says to use the following:
Code:
I've tried connecting to my home computer through many combinations of the syntax listed above, read the man file, and looked online for help. But can't find out the proper syntax or a good guide that isn't written for Windows users using Putty.
Let's assume for the sake of simplicity that the public IP address of my home SSH server is 123.123.123.123, the private IP address of my home SSH server is 192.168.1.100, my home SSH port is 2222, and the SSH port at my current location is is 22. How would I write out the command?
Every time I try to connect I get a "connection times out" error.
View 9 Replies
View Related
May 22, 2010
I have set up 10.04 server, got userdir working (/home/username/public_html) so I can access it with h ttp://myipaddress/~username. What do I need to do to get mydomain.com to point to http://myipaddress/~username?
View 9 Replies
View Related
Jul 6, 2010
I have two nic cards installed in a Lucid LTS server.
eth0 is static using
address 192.168.0.235
gateway 192.168.0.1
netmask 255.255.255.0
[Code]...
I have my Qwest DSL modem port forwarding port 80 to 192.168.3.235 however this doesn't seem to work if I have both cards running. If I remove the second card (eth1) and reconfigure eth0 to use 192.168.3.235 I can port forward into my webserver.
View 1 Replies
View Related
