Post a reply :: Support Forum

martin

2005-02-09

AFAIK, OpenSSH does not support Kerberos by default. However there are some patches on Internet.

Werdhi

2005-02-09 02:41

Hmm ... I do use Kerberos for POP3 and IMAP e-mail with the University's server but I don't know enough to know whether I'm dealing with a whole different matter when using SFTP. I don't use any other SSH Client. I'll have to check with the IT folks to see if they have an idea regarding this. It may be that I cannot use Kerberos to upload/download to the AFS.

I'll get back to you.

Thank you,

werdhi

martin

Re: Log File

2005-02-08

Werdhi wrote:

Here is the log file from start-up to closing the connection (I've edited some of the data to obscure the actual user names/IP addresses). As you can see, it does prompt me for a password even though I've already got a Kerberos 5 ticket.

I does not looks like your SSH server supportes GSSAPI (Kerberos). Are you sure it does? Are you able to login to it using Kerberos with any other SSH client? Which one?

Werdhi

Log File

2005-02-07 18:36

Here is the log file from start-up to closing the connection (I've edited some of the data to obscure the actual user names/IP addresses). As you can see, it does prompt me for a password even though I've already got a Kerberos 5 ticket.

Thanks for your help.

--------------------------------------------------------------------------
. WinSCP Version 3.7.2 (Build 262) (OS 5.1.2600 Service Pack 2)
. Login time: Monday, February 07, 2005 12:26:16 PM
. --------------------------------------------------------------------------
. Session name: *Werdhi's IFS Space - Kerberized
. Host name: login.***.edu (Port: 22)
. User name: werdhi (Password: No, Key file: No)
. Transfer Protocol: SFTP (SCP)
. SSH protocol version: 2; Compression: No
. Agent forwarding: No; TIS/CryptoCard: No; KI: Yes; GSSAPI: Yes
. Ciphers: aes,blowfish,3des,WARN,des; Ssh2DES: No
. Ping type: -, Ping interval: 30 sec; Timeout: 15 sec
. SSH Bugs: -,-,-,-,-,-,-,-
. SFTP Bugs: -,-
. Proxy: none
. Return code variable: Autodetect; Lookup user groups: Yes
. Shell: default, EOL: 0
. Local directory: default, Remote directory: home, Update: No, Cache: Yes
. Cache directory changes: Yes, Permanent: Yes
. Clear aliases: Yes, Unset nat.vars: Yes, Resolve symlinks: Yes
. Alias LS: No, Ign LS warn: Yes, Scp1 Comp: No
. --------------------------------------------------------------------------
. Looking up host "login.***.edu"
. Connecting to ***.211.2.206 port 22
. Server version: SSH-1.99-OpenSSH_3.4p1
. We claim version: SSH-2.0-WinSCP_release_3.7.2
. Using SSH protocol version 2
. Doing Diffie-Hellman group exchange
. Doing Diffie-Hellman key exchange
. Host key fingerprint is:
. ssh-rsa 1024 10:4a:ec:d2:f1:38:f7:ea:0a:a0:0f:17:57:ea:a6:16
. Initialised AES-256 client->server encryption
. Initialised HMAC-SHA1 client->server MAC algorithm
. Initialised AES-256 server->client encryption
. Initialised HMAC-SHA1 server->client MAC algorithm
! Using username "werdhi".
. Session password prompt (werdhi@login.***.edu's password: )
. Asking user for password.
. Sent password
. Access granted
. Opened channel for session
. Started a shell/command
. --------------------------------------------------------------------------
. Using SFTP protocol.
. Doing startup conversation with host.
> Type: SSH_FXP_INIT, Size: 5, Number: -1
< Type: SSH_FXP_VERSION, Size: 5, Number: -1
. SFTP version 3 negotiated.
> Type: SSH_FXP_EXTENDED, Size: 38, Number: 200
< Type: SSH_FXP_STATUS, Size: 38, Number: 200
< Status/error code: 8
. Server does not recognise WinSCP.
. Getting current directory name.
. Getting real path for '.'
> Type: SSH_FXP_REALPATH, Size: 10, Number: 528
< Type: SSH_FXP_NAME, Size: 79, Number: 528
. Real path is '/afs/***.edu/user/***'
. Listing directory "/afs/***.edu/user/***".
> Type: SSH_FXP_OPENDIR, Size: 38, Number: 779
< Type: SSH_FXP_HANDLE, Size: 13, Number: 779
> Type: SSH_FXP_READDIR, Size: 13, Number: 1036
< Type: SSH_FXP_NAME, Size: 7169, Number: 1036
> Type: SSH_FXP_READDIR, Size: 13, Number: 1292
. Reading symlink ".cshrc".
> Type: SSH_FXP_READLINK, Size: 45, Number: 1555
> Type: SSH_FXP_STAT, Size: 45, Number: 1809
< Type: SSH_FXP_STATUS, Size: 28, Number: 1292
. Storing reserved response
< Type: SSH_FXP_NAME, Size: 47, Number: 1555
< Type: SSH_FXP_ATTRS, Size: 37, Number: 1809
. Reading symlink ".login".
> Type: SSH_FXP_READLINK, Size: 45, Number: 2067
> Type: SSH_FXP_STAT, Size: 45, Number: 2321
< Type: SSH_FXP_NAME, Size: 47, Number: 2067
< Type: SSH_FXP_ATTRS, Size: 37, Number: 2321
. Reading symlink ".logout".
> Type: SSH_FXP_READLINK, Size: 46, Number: 2579
> Type: SSH_FXP_STAT, Size: 46, Number: 2833
< Type: SSH_FXP_NAME, Size: 49, Number: 2579
< Type: SSH_FXP_ATTRS, Size: 37, Number: 2833
. Reading symlink ".mwmrc".
> Type: SSH_FXP_READLINK, Size: 45, Number: 3091
> Type: SSH_FXP_STAT, Size: 45, Number: 3345
< Type: SSH_FXP_NAME, Size: 47, Number: 3091
< Type: SSH_FXP_ATTRS, Size: 37, Number: 3345
. Reading symlink ".principals".
> Type: SSH_FXP_READLINK, Size: 50, Number: 3603
> Type: SSH_FXP_STAT, Size: 50, Number: 3857
< Type: SSH_FXP_NAME, Size: 57, Number: 3603
< Type: SSH_FXP_ATTRS, Size: 37, Number: 3857
. Reading symlink ".profile".
> Type: SSH_FXP_READLINK, Size: 47, Number: 4115
> Type: SSH_FXP_STAT, Size: 47, Number: 4369
< Type: SSH_FXP_NAME, Size: 51, Number: 4115
< Type: SSH_FXP_ATTRS, Size: 37, Number: 4369
. Reading symlink ".termsetup".
> Type: SSH_FXP_READLINK, Size: 49, Number: 4627
> Type: SSH_FXP_STAT, Size: 49, Number: 4881
< Type: SSH_FXP_NAME, Size: 55, Number: 4627
< Type: SSH_FXP_ATTRS, Size: 37, Number: 4881
. Reading symlink ".tvtwmrc".
> Type: SSH_FXP_READLINK, Size: 47, Number: 5139
> Type: SSH_FXP_STAT, Size: 47, Number: 5393
< Type: SSH_FXP_NAME, Size: 51, Number: 5139
< Type: SSH_FXP_ATTRS, Size: 37, Number: 5393
. Reading symlink ".twmrc".
> Type: SSH_FXP_READLINK, Size: 45, Number: 5651
> Type: SSH_FXP_STAT, Size: 45, Number: 5905
< Type: SSH_FXP_NAME, Size: 47, Number: 5651
< Type: SSH_FXP_ATTRS, Size: 37, Number: 5905
. Reading symlink ".xpattern".
> Type: SSH_FXP_READLINK, Size: 48, Number: 6163
> Type: SSH_FXP_STAT, Size: 48, Number: 6417
< Type: SSH_FXP_NAME, Size: 53, Number: 6163
< Type: SSH_FXP_ATTRS, Size: 37, Number: 6417
. Reading symlink ".xresources".
> Type: SSH_FXP_READLINK, Size: 50, Number: 6675
> Type: SSH_FXP_STAT, Size: 50, Number: 6929
< Type: SSH_FXP_NAME, Size: 57, Number: 6675
< Type: SSH_FXP_ATTRS, Size: 37, Number: 6929
. Reading symlink ".zephyr.subs".
> Type: SSH_FXP_READLINK, Size: 51, Number: 7187
> Type: SSH_FXP_STAT, Size: 51, Number: 7441
< Type: SSH_FXP_NAME, Size: 59, Number: 7187
< Type: SSH_FXP_ATTRS, Size: 37, Number: 7441
. Reading symlink ".zephyr.vars".
> Type: SSH_FXP_READLINK, Size: 51, Number: 7699
> Type: SSH_FXP_STAT, Size: 51, Number: 7953
< Type: SSH_FXP_NAME, Size: 59, Number: 7699
< Type: SSH_FXP_ATTRS, Size: 37, Number: 7953
. Reading symlink ".xsession".
> Type: SSH_FXP_READLINK, Size: 48, Number: 8211
> Type: SSH_FXP_STAT, Size: 48, Number: 8465
< Type: SSH_FXP_NAME, Size: 53, Number: 8211
< Type: SSH_FXP_ATTRS, Size: 37, Number: 8465
< Status/error code: 1
> Type: SSH_FXP_CLOSE, Size: 13, Number: 8708
. Startup conversation with host finished.
. Closing connection.

martin

Re: WinSCP not using Kerberos Tickets

2005-02-07

Can you post a log file?

Werdhi

WinSCP not using Kerberos Tickets

2005-02-05 16:35

Pardon my ignorance :? ... I use Keberos Authentication (MIT Leash Version 2.6.3.20040525) for obtaining a Kerberos ticket which both my e-mail programs then can use to log me into the server securely (I use Mulberry and Eudora). When I set up WinSCP to "Attempt MIT Kerberos 5 GSSAPI Authentication," I still get prompted for a password and the ticket I've already obtained is not used.

What am I doing wrong :?:

Thanks!

v_t_m

Re: kerberos

2005-01-10 20:26

Currently I'am working on SSPI authentication for PuTTY. I will probably use a patch from Certified Security Solutions (<invalid hyperlink removed by admin>).
As this patch includes Kerberos autehtication for SSH1, maybe I will include this feature, too.