Kerberizing SSH on Linux

  • You already have a Kerberos server
  • Your /etc/krb5.conf is correct
  • You already have a host/your.host.fqdn@YOUR-REALM principal
  • The principal is already in your keytab
  • You already added GSSAPIAuthentication yes to /etc/ssh/sshd_config on the server
  • You already added GSSAPIAuthentication yes to /etc/ssh/ssh_config on the client
  • You have a local user on the remote server
  • You already installed libpam-krb5
  • Your IP reverse-resolves to your FQDN (for all hosts in your network)
  • Your FQDN resolves to your IP (for all hosts in your network)

Why is it not working????

Because you have the line “127.0.1.1 yourhost” in /etc/resolv.conf. Comment it out.

Now run “hostname -f”. It should return your FQDN.

That was it.
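
A pre-flight for the checklist above, as an added example that is not from the original post: it checks that the “hostname -f” output is an FQDN, that no uncommented loopback line names the host, and that the keytab listing holds the matching host/ principal. The host name, realm, file contents and function names are constructed, the file to scan is passed as an argument, and the listing is assumed to be saved plain `klist -k` output.

```shell
# Added example: offline pre-flight for the checklist above. All names and data are constructed.

is_fqdn() {                       # true when $1 looks like host.domain
    case "$1" in
        .*|*.|*..*) return 1 ;;   # leading, trailing or doubled dot
        *.*)        return 0 ;;
        *)          return 1 ;;   # bare short name
    esac
}

loopback_lines() {                # $1 = hosts-style file, $2 = short host name
    awk -v h="$2" '
        /^[[:space:]]*#/ { next }                 # line is already commented out
        $1 ~ /^127\./ {
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^#/) break              # trailing comment starts here
                if ($i == h) { print; break }     # host name bound to loopback
            }
        }' "$1"
}

keytab_has_principal() {          # $1 = saved `klist -k` output, $2 = principal
    awk -v p="$2" '$2 == p { found = 1 } END { exit !found }' "$1"
}

precheck() {   # $1 = `hostname -f` output, $2 = file to scan, $3 = klist file, $4 = realm
    rc=0
    is_fqdn "$1" || { echo "hostname -f gave '$1', not an FQDN"; rc=1; }
    bad=$(loopback_lines "$2" "${1%%.*}")
    [ -z "$bad" ] || { echo "loopback entry for this host: $bad"; rc=1; }
    keytab_has_principal "$3" "host/$1@$4" || { echo "no host/$1@$4 in keytab"; rc=1; }
    return "$rc"
}

demo() {       # constructed sample: the broken state, then the state after the fix
    d=$(mktemp -d) || return 1
    printf '127.0.0.1 localhost\n127.0.1.1 web01\n' > "$d/broken"
    printf '127.0.0.1 localhost\n#127.0.1.1 web01\n' > "$d/fixed"
    printf 'KVNO Principal\n---- ---------\n   2 host/web01.example.test@EXAMPLE.TEST\n' > "$d/kt"
    first=0; second=0
    precheck web01 "$d/broken" "$d/kt" EXAMPLE.TEST || first=$?
    precheck web01.example.test "$d/fixed" "$d/kt" EXAMPLE.TEST || second=$?
    rm -rf "$d"
    echo "broken=$first fixed=$second"
}

demo
```

On a real host, call precheck with "$(hostname -f)", the file that carries the 127.0.1.1 line, a file holding the output of `klist -k`, and your realm.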