当我 ssh 到 DOMAIN\user@localhosts-name 时,身份验证通过 gssapi-with-mic 工作正常:
debug3: remaining preferred: gssapi,publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug2: we sent a gssapi-with-mic packet, wait for reply
debug3: Wrote 112 bytes for a total of 1255
debug1: Delegating credentials
debug3: Wrote 2816 bytes for a total of 4071
debug1: Delegating credentials
debug3: Wrote 80 bytes for a total of 4151
debug1: Authentication succeeded (gssapi-with-mic).
当我连接到另一台机器时,它似乎在 gssapi-with-mic 身份验证中途停止:
debug1: Next authentication method: gssapi-with-mic
debug2: we sent a gssapi-with-mic packet, wait for reply
debug3: Wrote 112 bytes for a total of 1255
debug1: Delegating credentials
debug3: Wrote 2816 bytes for a total of 4071 <----- ????
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
我应该如何找出第二次发生的不同情况?我如何查明身份验证是否/为何被 kerberos 拒绝?
在这种情况下,我使用的技术是在目标主机上的不同端口上启动单独的 sshd 服务,然后在那里调高调试级别:
# /usr/sbin/sshd -d -d -d -p 2233
然后,您可以在新端口从源连接到目标:
$ ssh user@hostname -p 2233
服务器的调试日志通常比客户端的调试日志包含更多相关信息。另请注意,在调试模式下运行的 sshd 服务将在每次连接后终止,因此每次连接时都必须重新启动它。
| 归档时间: |
|
| 查看次数: |
6500 次 |
| 最近记录: |