Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: OpenSSH 4.3p2 -> 4.3p2; gssapi problem.

from [Simon Wilkinson] Network Security [Permanent Link]
Subject: Re: OpenSSH 4.3p2 -> 4.3p2; gssapi problem.
Date: Wed, 25 Jul 2007 12:40:48 +0100 

On 24 Jul 2007, at 04:17, Edward Roper wrote:


   debug1: Miscellaneous failure
   Key table entry not found

This is the important error. You don't have a key in your keytab that matches what the client is trying to use. In general this occurs for one of two reasons. Either there is a key version number mismatch between that which the client is using, and that available to the server, or your host's hostname doesn't match it's DNS name (OpenSSH uses the hostname to determine which key to use as an acceptor)

Try running 'kvno host/anubis.domain.com@DOMAIN.COM' on your client, and check that the version number you obtain there matches that in your keytab. Check that hostname is anubis.domain.com.

If both of those fail, you may be into the murky waters of encryption types. You have to ensure that the KDC doesn't have keys for host/ anubis... that you haven't exported to the keytab. Use klist -e to check the encryption types for the host/anubis... entry in your credentials cache, and make sure that the listed encryption type matches the one in your keytab.

Cheers,

Simon.

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Able to login with any password, Cartman
Next by Date:  Solaris 10 sshd and OpenSSH 4 client problems, Jeff Blaine
Previous by Thread:  OpenSSH 4.3p2 -> 4.3p2; gssapi problem., Edward Roper
Next by Thread:  Able to login with any password, Cartman
Indexes:  [Date] [Thread] [Top] [All Lists]