gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==



Hi guys,

I have a Kerberos infrastructure and am trying to do SSO via ssh to
various servers within one realm. I am able to ssh with Kerberos keys
to several servers (server2 for example), but not to server1.
....
.... comparing two ssh outputs (the one that doesn't work with kerberos
(server1) and the one that does (server2)

client sends to server1 (kerberos doesn't work):

debug2: kex_parse_kexinit:
gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group1-sha1-A/vxljAEU54gt9a48EiANQ==,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,null

server1 sends back:
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss



client sends to server2: (kerberos works)

debug2: kex_parse_kexinit:
gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group1-sha1-A/vxljAEU54gt9a48EiANQ==,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,null


server2 sends back:
debug2: kex_parse_kexinit:
gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss


this is pretty much where the two outputs go different so I have a gut
feeling that this might be why ...

any ideas how to go about fixing this ... making server1 offer
gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g== as an option?

both servers are SSH-2.0-OpenSSH_3.8.1p1
client is OpenSSH_3.8.1p1, OpenSSL 0.9.7i 14 Oct 2005


thanks in advance
atari
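
Added example, not part of the original post: a small Python script that does the comparison described above on `ssh -vv` output, listing which `gss-*` key-exchange methods the client offers that the server does not, and which method the exchange falls back to. It assumes the first `kex_parse_kexinit` payload in each excerpt is the key-exchange list, and it simplifies negotiation to "first client name the server also lists"; the function names are hypothetical.

```python
import re

KEXINIT = re.compile(r"^debug2: kex_parse_kexinit:\s*(.*)$")

def kexinit_fields(debug_text):
    """Return each kex_parse_kexinit payload as a list of names.
    Handles a payload wrapped onto the following line, as in the post."""
    fields, pending = [], False
    for line in debug_text.splitlines():
        line = line.strip()
        m = KEXINIT.match(line)
        if m:
            payload = m.group(1)
            pending = not payload          # empty payload: value is on the next line
            if payload:
                fields.append(payload.split(","))
        elif pending and line:
            fields.append(line.split(","))
            pending = False
    return fields

def compare_kex(client_debug, server_debug):
    """Return (chosen_kex, gss_methods_the_server_did_not_offer)."""
    client = kexinit_fields(client_debug)[0]   # assumption: first field is the KEX list
    server = kexinit_fields(server_debug)[0]
    chosen = next((k for k in client if k in server), None)   # simplified negotiation
    missing = [k for k in client if k.startswith("gss-") and k not in server]
    return chosen, missing

# Excerpts copied from the post above.
CLIENT = """debug2: kex_parse_kexinit:
gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group1-sha1-A/vxljAEU54gt9a48EiANQ==,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,null"""
SERVER1 = """debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss"""
SERVER2 = """debug2: kex_parse_kexinit:
gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss"""

if __name__ == "__main__":
    for name, srv in (("server1", SERVER1), ("server2", SERVER2)):
        chosen, missing = compare_kex(CLIENT, srv)
        print(f"{name}: kex={chosen} gss methods not offered={missing}")
```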
