1.6 KiB
SSH Access from Windows using Putty
Kerberos/AFS Failures with Default Settings
The default settings of Putty allows to connect to a Linux host. But when there are services depending on Kerberos like AFS then that will fail:
This is due to missing Kerberos ticket delegation. Note that you may recover from this on the Linux shell by entering kinit and then your password to opain a new Kerberos ticket and aklog to log into AFS.
Configure Kerberos
To avoid this issue Kerberos ticket delagation can be configured in Putty. In the settings select "Connection" -> "SSH" -> "Auth" -> "GSSAPI" and select therein "Allow GSSAPI credential delegation". Note that you need also to remove the tick at "Attempt GSSAPI key exchange" because else it will not work.
Long Running Programs/Simulations
The delegated Kerberos ticket from Windows can only work for less than one day (in the klist output check below krbtgt/D.PSI.CH@D.PSI.CH the renew until timestamp). So at some point after AFS will refuse access.
To get a longer valid Kerberos ticket on the Linux machine, type kinit and authenticate yourself with your password. The newly acquired Kerberos ticket will do it for one week and AFS is happy as long too.
Alternatively you may disable Kerberos/GSSAPI authentication in Putty altogehter. But then you need always to enter your password when connecting to your Linux machine. But it will then always get a new Kerberos ticket working for one week.