Tags: kerberos ssh

Kerberised ssh

Avoiding entering passwords when using ssh between servers is convenient.
Up to know I've user ssh-keygen to set this up, but once Kerberos is configured on client and server it's even easier.
It does require Kerberos aware ssh/sshd.

Just add the following to your ssh destination box (server in my case)

In your home directory create a file called ".k5login". It doesn't need to be secret but should be writable only by you, default permissions of 644 are fine.
It should contain the principals that you trust (ie allow to connect without further authentication).
In my case it contains just one line

Now you should be able to ssh to your destination box without further passwords from client in which you are already Kerberos authorised.

  • + : A leading plus sign indicates that this word must be present in every object returned.
  • - : A leading minus sign indicates that this word must not be present in any row returned.
  • By default (when neither plus nor minus is specified) the word is optional, but the object that contain it will be rated higher.
  • < > : These two operators are used to change a word's contribution to the relevance value that is assigned to a row.
  • ( ) : Parentheses are used to group words into subexpressions.
  • ~ : A leading tilde acts as a negation operator, causing the word's contribution to the object relevance to be negative. It's useful for marking noise words. An object that contains such a word will be rated lower than others, but will not be excluded altogether, as it would be with the - operator.
  • * : An asterisk is the truncation operator. Unlike the other operators, it should be appended to the word, not prepended.
  • " : The phrase, that is enclosed in double quotes ", matches only objects that contain this phrase literally, as it was typed.


Related Sites