SSH/Kerberos在OSX上不起作用 [英] SSH/Kerberos not working on OSX

问题描述

所以我尝试并尝试使我的ssh与Mavericks上的kerberos一起工作无济于事.这是我的版本:

So I have tried and tried to get my ssh to work with kerberos on Mavericks to no avail. Here are my versions:

ssh: OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
kerberos: Heimdal 1.5.1apple1

我也尝试了内置的ssh，也没有任何效果.这是我的配置:

I also tried the built in ssh with no effect as well. Here is my config:

ForwardAgent yes
GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes
GSSAPIKeyExchange yes

我已经检查过，我的用户配置中没有任何替代设置

i have checked, there are no overriding settings in my user config

所有这些之后，在切换到与Linux客户端兼容的linux主机时，仍然会提示我输入密码. (我能够成功初始化并获得票证)

After all of this, I still get prompted for a password when ssh'ing to a linux host that does work with linux clients. (I am able to successfully kinit and i do get a ticket)

有什么线索让我想念吗?有人遇到过这个问题吗?

Any clues what I am missing? Has anyone has this problem before.

HERE 是ssh连接日志的链接.似乎甚至不尝试就放弃了gssapi ...为什么????

HERE is a link to the ssh connection log. It just seems to abandon gssapi without even trying it... why????

推荐答案

在OSX SIERRA上注意:

看来Apple再次将其破解了....gssapitrusdns内容实际上是第三方的贡献，Apple修订为不包含这些补丁的更新的ssh ...请参阅 原始答案(Sierra之前的版本):

好吧，因此，在经过更多的挠头，放弃和暴力尝试用电源线勒死我的计算机之后，我找到了答案...原来，必须告诉OSX明确信任DNS. ..将以下行添加到您的ssh配置中:

Ok, so after even more head-scratching, giving up, and violent attempts to strangle my computer with a power cord, I have found the answer... Turns out, OSX need to be told to explicitly trust DNS.... Add the following line to your ssh config:

GSSAPITrustDNS yes

来源(选中问题和解决方法"部分)

Source (check the 'Problems and Workarounds' section)

这篇关于SSH/Kerberos在OSX上不起作用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！