SSH/Kerberos在OSX上不起作用 [英] SSH/Kerberos not working on OSX
问题描述
所以我尝试并尝试使我的ssh与Mavericks上的kerberos一起工作无济于事.这是我的版本:
So I have tried and tried to get my ssh to work with kerberos on Mavericks to no avail. Here are my versions:
ssh: OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
kerberos: Heimdal 1.5.1apple1
我也尝试了内置的ssh,也没有任何效果.这是我的配置:
I also tried the built in ssh with no effect as well. Here is my config:
ForwardAgent yes
GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes
GSSAPIKeyExchange yes
我已经检查过,我的用户配置中没有任何替代设置
i have checked, there are no overriding settings in my user config
所有这些之后,在切换到与Linux客户端兼容的linux主机时,仍然会提示我输入密码. (我能够成功初始化并获得票证)
After all of this, I still get prompted for a password when ssh'ing to a linux host that does work with linux clients. (I am able to successfully kinit and i do get a ticket)
有什么线索让我想念吗?有人遇到过这个问题吗?
Any clues what I am missing? Has anyone has this problem before.
HERE 是ssh连接日志的链接.似乎甚至不尝试就放弃了gssapi ...为什么????
HERE is a link to the ssh connection log. It just seems to abandon gssapi without even trying it... why????
推荐答案
在OSX SIERRA上注意:
看来Apple再次将其破解了....gssapitrusdns内容实际上是第三方的贡献,Apple修订为不包含这些补丁的更新的ssh ...请参阅这里
原始答案(Sierra之前的版本):
好吧,因此,在经过更多的挠头,放弃和暴力尝试用电源线勒死我的计算机之后,我找到了答案...原来,必须告诉OSX明确信任DNS. ..将以下行添加到您的ssh配置中:
Ok, so after even more head-scratching, giving up, and violent attempts to strangle my computer with a power cord, I have found the answer... Turns out, OSX need to be told to explicitly trust DNS.... Add the following line to your ssh config:
GSSAPITrustDNS yes
来源(选中问题和解决方法"部分)
Source (check the 'Problems and Workarounds' section)
这篇关于SSH/Kerberos在OSX上不起作用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!