Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

OpenSSH with gssapi-with-mic hostname questions

from [Joel Johnson] Network Security [Permanent Link]
Subject: OpenSSH with gssapi-with-mic hostname questions
Date: Sun, 16 Sep 2007 20:57:51 -0600 (MDT) 
I have OpenSSH setup and am using gssapi-with-mic to authenticate using my
existing Kerberos (MIT) infrastructure.

The problem I'm having is with a machine on a DSL with a dynamic IP such
that I don't have control over the DNS PTR record. When I try and connect to
that server the GSSAPI functionality in the SSH client tries to obtain a
Kerberos host key for the actual reverse hostname (as noted in the KDC logs)
which is not what I requested and of course fails. An example for
clarification - I try to ssh to box1.example.com and expect to obtain a
Kerberos hostkey for host/box1.example.com@EXAMPLE.COM, but instead try to
get tickets for host/QWEST.NET@EXAMPLE.COM which fail, so the
gssapi-with-mic mechanism fails.

As an additional note, I tried putting the relevant entry in /etc/hosts and
everything went exactly as expected. It is obvious that there is a
verification mechanism in place to do the reverse lookup and obtain a
service ticket for that host, but in this instance I need to be able to
disable that reverse lookup. Where can I do this? I'm not entirely sure what
level does the initial request, but any guidance would be appreciated.

Thanks,
Joel Johnson
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Using a ppk file generated by pageant on openssh client, Radek Hladik
Next by Date:  Re: OpenSSH with gssapi-with-mic hostname questions, Simon Wilkinson
Previous by Thread:  FW: Connecting to host, Sharath Ballal
Next by Thread:  Re: OpenSSH with gssapi-with-mic hostname questions, Simon Wilkinson
Indexes:  [Date] [Thread] [Top] [All Lists]