当我ssh DOMAIN \用户@ localhosts名称身份validation正常工作通过gssapi-with-mic:
debug3: remaining preferred: gssapi,publickey,keyboard-interactive,password debug3: authmethod_is_enabled gssapi-with-mic debug1: Next authentication method: gssapi-with-mic debug2: we sent a gssapi-with-mic packet, wait for reply debug3: Wrote 112 bytes for a total of 1255 debug1: Delegating credentials debug3: Wrote 2816 bytes for a total of 4071 debug1: Delegating credentials debug3: Wrote 80 bytes for a total of 4151 debug1: Authentication succeeded (gssapi-with-mic). 当我连接到不同的机器它似乎停止了通过gssapi-with-miconauthentication的一半:
debug1: Next authentication method: gssapi-with-mic debug2: we sent a gssapi-with-mic packet, wait for reply debug3: Wrote 112 bytes for a total of 1255 debug1: Delegating credentials debug3: Wrote 2816 bytes for a total of 4071 <----- ???? debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
我应该如何去找出第二次发生什么不同的事情。 我怎样才能知道/为什么auth被kerberos拒绝?
我在这种情况下使用的技术是在目标主机的不同端口上启动一个单独的sshd服务,然后打开debugging级别:
# /usr/sbin/sshd -d -d -d -p 2233
然后,您可以从源连接到新端口上的目标:
$ ssh user@hostname -p 2233
服务器的debugging日志通常比客户端有更多的相关信息。 另外请注意,在debugging模式下运行的sshd服务将在每次连接后终止,因此每次连接时都必须重新启动。