Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- fre@fre:~$ klist
- klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_1000)
- fre@fre:~$ kinit
- Password for fre@KHM.LAN:
- fre@fre:~$ klist -f
- Ticket cache: FILE:/tmp/krb5cc_1000
- Default principal: fre@KHM.LAN
- Valid starting Expires Service principal
- 05/18/10 23:58:50 05/19/10 09:58:50 krbtgt/KHM.LAN@KHM.LAN
- renew until 05/19/10 23:58:49, Flags: RIA
- fre@fre:~$ ssh -vvv -p22 krb.khm.lan
- OpenSSH_5.1p1 Debian-6ubuntu2, OpenSSL 0.9.8k 25 Mar 2009
- debug1: Reading configuration data /etc/ssh/ssh_config
- debug1: Applying options for *
- debug2: ssh_connect: needpriv 0
- debug1: Connecting to krb.khm.lan [192.168.0.152] port 22.
- debug1: Connection established.
- debug1: identity file /home/fre/.ssh/identity type -1
- debug1: identity file /home/fre/.ssh/id_rsa type -1
- debug1: identity file /home/fre/.ssh/id_dsa type -1
- debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1p1 Debian-6ubuntu2
- debug1: match: OpenSSH_5.1p1 Debian-6ubuntu2 pat OpenSSH*
- debug1: Enabling compatibility mode for protocol 2.0
- debug1: Local version string SSH-2.0-OpenSSH_5.1p1 Debian-6ubuntu2
- debug2: fd 3 setting O_NONBLOCK
- debug1: Offering GSSAPI proposal: gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-gex-sha1-A/vxljAEU54gt9a48EiANQ==,gss-group1-sha1-A/vxljAEU54gt9a48EiANQ==,gss-group14-sha1-A/vxljAEU54gt9a48EiANQ==,gss-gex-sha1-bontcUwnM6aGfWCP21alxQ==,gss-group1-sha1-bontcUwnM6aGfWCP21alxQ==,gss-group14-sha1-bontcUwnM6aGfWCP21alxQ==
- debug1: SSH2_MSG_KEXINIT sent
- debug1: SSH2_MSG_KEXINIT received
- debug2: kex_parse_kexinit: gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-gex-sha1-A/vxljAEU54gt9a48EiANQ==,gss-group1-sha1-A/vxljAEU54gt9a48EiANQ==,gss-group14-sha1-A/vxljAEU54gt9a48EiANQ==,gss-gex-sha1-bontcUwnM6aGfWCP21alxQ==,gss-group1-sha1-bontcUwnM6aGfWCP21alxQ==,gss-group14-sha1-bontcUwnM6aGfWCP21alxQ==,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
- debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,null
- debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
- debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
- debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
- debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
- debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
- debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
- debug2: kex_parse_kexinit:
- debug2: kex_parse_kexinit:
- debug2: kex_parse_kexinit: first_kex_follows 0
- debug2: kex_parse_kexinit: reserved 0
- debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
- debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
- debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
- debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
- debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
- debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
- debug2: kex_parse_kexinit: none,zlib@openssh.com
- debug2: kex_parse_kexinit: none,zlib@openssh.com
- debug2: kex_parse_kexinit:
- debug2: kex_parse_kexinit:
- debug2: kex_parse_kexinit: first_kex_follows 0
- debug2: kex_parse_kexinit: reserved 0
- debug2: mac_setup: found hmac-md5
- debug1: kex: server->client aes128-cbc hmac-md5 none
- debug2: mac_setup: found hmac-md5
- debug1: kex: client->server aes128-cbc hmac-md5 none
- debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
- debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
- debug2: dh_gen_key: priv key bits set: 128/256
- debug2: bits set: 510/1024
- debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
- debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
- debug3: check_host_in_hostfile: filename /home/fre/.ssh/known_hosts
- debug3: check_host_in_hostfile: match line 2
- debug3: check_host_in_hostfile: filename /home/fre/.ssh/known_hosts
- debug3: check_host_in_hostfile: match line 3
- debug1: Host 'krb.khm.lan' is known and matches the RSA host key.
- debug1: Found key in /home/fre/.ssh/known_hosts:2
- debug2: bits set: 521/1024
- debug1: ssh_rsa_verify: signature correct
- debug2: kex_derive_keys
- debug2: set_newkeys: mode 1
- debug1: SSH2_MSG_NEWKEYS sent
- debug1: expecting SSH2_MSG_NEWKEYS
- debug2: set_newkeys: mode 0
- debug1: SSH2_MSG_NEWKEYS received
- debug1: SSH2_MSG_SERVICE_REQUEST sent
- debug2: service_accept: ssh-userauth
- debug1: SSH2_MSG_SERVICE_ACCEPT received
- debug2: key: /home/fre/.ssh/identity ((nil))
- debug2: key: /home/fre/.ssh/id_rsa ((nil))
- debug2: key: /home/fre/.ssh/id_dsa ((nil))
- debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
- debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
- debug3: preferred gssapi-keyex,gssapi-with-mic,gssapi,publickey,keyboard-interactive,password
- debug3: authmethod_lookup gssapi-keyex
- debug3: remaining preferred: gssapi-with-mic,gssapi,publickey,keyboard-interactive,password
- debug3: authmethod_is_enabled gssapi-keyex
- debug1: Next authentication method: gssapi-keyex
- debug1: No valid Key exchange context
- debug2: we did not send a packet, disable method
- debug3: authmethod_lookup gssapi-with-mic
- debug3: remaining preferred: gssapi,publickey,keyboard-interactive,password
- debug3: authmethod_is_enabled gssapi-with-mic
- debug1: Next authentication method: gssapi-with-mic
- debug2: we sent a gssapi-with-mic packet, wait for reply
- debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
- debug2: we sent a gssapi-with-mic packet, wait for reply
- debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
- debug2: we sent a gssapi-with-mic packet, wait for reply
- debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
- debug2: we did not send a packet, disable method
- debug3: authmethod_lookup publickey
- debug3: remaining preferred: keyboard-interactive,password
- debug3: authmethod_is_enabled publickey
- debug1: Next authentication method: publickey
- debug1: Trying private key: /home/fre/.ssh/identity
- debug3: no such identity: /home/fre/.ssh/identity
- debug1: Trying private key: /home/fre/.ssh/id_rsa
- debug3: no such identity: /home/fre/.ssh/id_rsa
- debug1: Trying private key: /home/fre/.ssh/id_dsa
- debug3: no such identity: /home/fre/.ssh/id_dsa
- debug2: we did not send a packet, disable method
- debug3: authmethod_lookup keyboard-interactive
- debug3: remaining preferred: password
- debug3: authmethod_is_enabled keyboard-interactive
- debug1: Next authentication method: keyboard-interactive
- debug2: userauth_kbdint
- debug2: we sent a keyboard-interactive packet, wait for reply
- debug2: input_userauth_info_req
- debug2: input_userauth_info_req: num_prompts 1
- Password:
- fre@fre:~$
- fre@fre:~$ klist -f
- Ticket cache: FILE:/tmp/krb5cc_1000
- Default principal: fre@KHM.LAN
- Valid starting Expires Service principal
- 05/18/10 23:58:50 05/19/10 09:58:50 krbtgt/KHM.LAN@KHM.LAN
- renew until 05/19/10 23:58:49, Flags: RIA
- 05/18/10 23:59:11 05/19/10 09:58:50 host/krb.khm.lan@KHM.LAN
- renew until 05/19/10 23:58:49, Flags: RAT
- fre@fre:~$
- ---------------------------------
- /var/log/krb/krb5kdc log
- May 18 23:58:49 fre krb5kdc[2259](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.0.152: NEEDED_PREAUTH: fre@KHM.LAN for krbtgt/KHM.LAN@KHM.LAN, Additional pre-authentication required
- May 18 23:58:50 fre krb5kdc[2259](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.0.152: ISSUE: authtime 1274219930, etypes {rep=18 tkt=18 ses=18}, fre@KHM.LAN for krbtgt/KHM.LAN@KHM.LAN
- May 18 23:59:11 fre krb5kdc[2259](info): TGS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.0.152: ISSUE: authtime 1274219930, etypes {rep=18 tkt=18 ses=18}, fre@KHM.LAN for host/krb.khm.lan@KHM.LAN
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement