openssh and kerberos

February 9, 2010

At home I use Ubuntu for my various machines and I’ve now hit this problem a couple of times so it is probably worth detailing it here in case it affects anyone else. Before logging in to an Informatics machine with ssh I prefer to kinit to get my INF.ED.AC.UK principal into the ticket cache. Amongst other things this means I don’t need to keep typing in my password whenever I use ssh. This all works nicely but if you do not have an ssh client configuration file (.ssh/config) you can login but then will have no kerberos tickets or AFS tokens on the Informatics machine. This results in a very weird experience where you think the server is bust but everyone else can use it just fine. The solution is to add something like this:

Host *
  User squinney
  GSSAPIAuthentication yes
  GSSAPIDelegateCredentials yes

Obviously you will need to change your username appropriately.