<noob> SSH with Kerberos from Windows XP

Douglas E. Engert

2008-09-15 16:05:54 UTC

Post by Mantas MikulÄnas
Hello everyone. I'm new here, so please don't hurt me.
I want to use Kerberos authentication when SSHing from a home Windows XP
machine to a remote network. How do I configure my PC?
<setup>
* Microsoft Windows XP Pro SP3
* stand-alone home PC (domain = False)
* I have the install CD
* I'd prefer to use Microsoft's Kerberos if such a thing exists

Yes and No. It is normally used only when the machine is joined
to an AD domain, and the user logins in to the domain. This
also implies AD is providing authorization data.

But you could use the Windows ksetup command to set the name
of the realm, and locations of the KDCs. Then use the Windows
runas command to get a TGT usable only in the cmd.exe

runas /netonly /user:user at REALM cmd.exe

It will prompt for the Kerberos password. The TGT
(You may need other parameters too.)
you can then use the Windows klist command from this window
to see the tickets, and start the Quest PuTTY. The PuTTY will
use "SSPI" i.e. Windows GSSAPI to autheticate to a sshd
with GSSAPI.

cd \Program Files\Quest Software\PuTTY
putty.exe -load my.host.profile

Post by Mantas MikulÄnas
(MIT Kerberos has a stupid interface)

A lot easier then what I just described above...

Post by Mantas MikulÄnas
* I use PuTTY for SSH
* I have the QuestPuTTY mod
* I like command-line
* I don't like Cygwin
* Heimdal Kerberos
* Debian Linux
* I know the realm and KDC server address
</setup>
</noob>

--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444