[Nevis-linux] SSH and Kerberos at FNAL

William Seligman seligman at nevis.columbia.edu
Mon Sep 29 13:08:53 EDT 2008

To anyone who uses ssh to access the Kerberized systems at FNAL:

For some years now, we've used a special version of ssh to access the Kerberized 
systems at Fermilab.  The complete directions are here:


But before you click on that link...

Thanks to Brian Rebel, I have learned that a special version of ssh may not be 
needed after all.  I have added the following options to /etc/ssh/ssh_config on 
all the systems on the Nevis Linux cluster:

   GSSAPIAuthentication yes
   GSSAPIDelegateCredentials yes

When I do this, I find that after I do the usual "kinit seligman at FNAL.GOV", I 
can use the standard Fedora Linux ssh command to access FNAL systems 
(d0mino01.fnal.gov, at least).

If you are using a laptop, you can try adding the above statements to your 
~/.ssh/config file.   You can also test this without editing any files by 
putting the options on the ssh command line:

# ssh -o GSSAPIAuthentication=yes \
       -o GSSAPIDelegateCredentials=yes \

I suggest trying to use "regular" ssh with the above options and see if it works 
for you.  If so, it would be one less complication we'd have to worry about.

Bill Seligman             | Phone: (914) 591-2823
Nevis Labs, Columbia Univ | mailto://seligman@nevis.columbia.edu
PO Box 137                | http://www.nevis.columbia.edu/~seligman/
Irvington NY 10533 USA    | XDI: http://public.xdi.org/=william.seligman
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3277 bytes
Desc: S/MIME Cryptographic Signature
Url : http://listserv.nevis.columbia.edu/pipermail/nevis-linux/attachments/20080929/c4f4d921/attachment.bin 

More information about the Nevis-linux mailing list