Skip to content

Instantly share code, notes, and snippets.

@fintelia

fintelia/csail-passwordless-ssh.md

Created July 1, 2019 19:43
Show Gist options
  • Save fintelia/1c9bed4c9ca61612b457fcade0e5cc15 to your computer and use it in GitHub Desktop.
Save fintelia/1c9bed4c9ca61612b457fcade0e5cc15 to your computer and use it in GitHub Desktop.
Download ZIP
Truly passwordless SSH for login.csail.mit.edu
Raw
csail-passwordless-ssh.md

commands

$ sudo pacman -S krb5
$ ktutil
ktutil:  add_entry -password -p kerberos_username -k 1 -e aes256-cts-hmac-sha1-96
ktutil:  write_kt /home/username/.kerberos-keytab

files

~/.k5identity

kerberos_username@CSAIL.MIT.EDU

/etc/krb5.conf

[libdefaults]
	default_realm = CSAIL.MIT.EDU
	renew_lifetime = "10d 0h 0m 0s"
	default_client_keytab_name = "/home/username/.kerberos-keytab"

~/.ssh/config

Host login.csail
    GSSAPIAuthentication yes
    GSSAPIDelegateCredentials yes
    Hostname login.csail.mit.edu
    User kerberos_username

Host name
     ...
     ProxyJump login.csail
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment