-1

As we are in corporate environment and with basic configuration changes, SSH Kerberos working seamlessly in OpenSSH

SSH -K server@domain.com

Since default Kerberos setup didn't work, we have installed MIT Kerberos and generated ktab files for the application uses.

However we are not aware how to setup Kerberos settings and properties for JSch. Password based authentication is working fine. But not sure how to implement the gssapi-with-mic. Any pointers or suggestion would be grateful.

Jsch connection with Kerberos

Kerberos Configuration

How to create these files with valid the values and explanation would be grateful.

JSch is here for more than a decade, I don't see any single workable sample with Kerberos/GSSAPI authentication online. If anyone successfully implemented, kindly let me know.

Chandru
  • 81
  • 1
  • 9

1 Answers1

-1

JSch has Kerberos authentication enabled by default (what is a frequent cause of problems).

So you should not need to do anything special to use it in JSch. Just try to login with username only.

Martin Prikryl
  • 188,800
  • 56
  • 490
  • 992
  • OpenSSH has direct access to the Kerberos tickets that are created by windows interactive login (Physical/RDP). But JSch/putty any other SSH tools doesn't have the access to those tickets. We need to configure Krb5.init, ktab files need to manually generate the tickets and force the Java/Jsch use it. – Chandru Feb 17 '23 at 11:38
  • We already implemented the waffle SSO login which uses negotiation to implement Kerberos/NTLM. if everything works fine, we should be able to utilize the Kerberos tickets that are created by Waffle SSO. However, If I check the available tickets using "Klist" cmd, I don't see any new tickets after the successful authentication. I suspect our application uses only NTML and it is reluctant to use Kerberos. Any suggestions or improvement would be grateful for us! – Chandru Feb 17 '23 at 11:45