forked from Controls/gitea-pages
25 lines
1.6 KiB
Markdown
25 lines
1.6 KiB
Markdown
# SSH Access from Windows using Putty
|
|
|
|
## Kerberos/AFS Failures with Default Settings
|
|
|
|
The default settings of Putty allows to connect to a Linux host. But when there are services depending on Kerberos like AFS then that will fail:
|
|
|
|
|
|
|
|
This is due to missing Kerberos ticket delegation. Note that you may recover from this on the Linux shell by entering `kinit` and then your password to opain a new Kerberos ticket and `aklog` to log into AFS.
|
|
|
|
## Configure Kerberos
|
|
|
|
To avoid this issue Kerberos ticket delagation can be configured in Putty.
|
|
In the settings select "Connection" -> "SSH" -> "Auth" -> "GSSAPI" and select therein "Allow GSSAPI credential delegation".
|
|
Note that you need also to remove the tick at "Attempt GSSAPI key exchange" because else it will not work.
|
|
|
|
|
|
|
|
## Long Running Programs/Simulations
|
|
The delegated Kerberos ticket from Windows can only work for less than one day (in the `klist` output check below `krbtgt/D.PSI.CH@D.PSI.CH` the `renew until` timestamp). So at some point after AFS will refuse access.
|
|
|
|
To get a longer valid Kerberos ticket on the Linux machine, type `kinit` and authenticate yourself with your password. The newly acquired Kerberos ticket will do it for one week and AFS is happy as long too.
|
|
|
|
Alternatively you may disable Kerberos/GSSAPI authentication in Putty altogehter. But then you need always to enter your password when connecting to your Linux machine. But it will then always get a new Kerberos ticket working for one week.
|