Jump to Navigation

199 - putty 0.61 : Access Denied Message

It was being caused by GSSAPI authentication. The better option is to set PuTTY not to try using it.

PuTTY options :
Connection -> SSH -> Auth -> GSSAPI
Uncheck the 'Attempt GSSAPI authentication' checkbox.

Other option :
Disabled GSSAPIAuthentication in sshd_config in your Linux Server.
Explicitly disable GSSAPI authentication in SSH client program configuration file, i.e. edit the /etc/ssh/ssh_config and add in this

GSSAPIAuthentication no

If you do not want to use it from ssh command:
Specify the option to disable GSSAPI authentication using SSH or SCP command.

# ssh -o GSSAPIAuthentication=no user1@

If you want it every time, create a file called config in .ssh directory of respective user home directory (or whichever user home directory that
need to get rid of this show login prompt).
For example, Edit /home/user1/.ssh/config (create the config file if it’s not currently exist) and add in the "GSSAPIAuthentication no" option.

The GSSAPI does not actually provide security services itself. Rather, it is a framework that provides security services to callers in a generic fashion,
with a range of underlying mechanisms and technologies such as Kerberos v5. The current implementation of the GSSAPI only works with
the Kerberos v5 security mechanism. The best way to think about the relationship between GSSAPI and Kerberos is in the following manner:
GSSAPI is a network authentication protocol abstraction that allows Kerberos credentials to be used in an authentication exchange. Kerberos v5
must be installed and running on any system on which GSSAPI-aware programs are running.

The Generic Security Services Application Program Interface (GSSAPI) is a standard interface, defined by RFC 2743, that provides a generic
authentication and secure messaging interface, whereby these security mechanisms can be plugged in. The most commonly referred to GSSAPI
mechanism is the Kerberos mechanism that is based on secret key cryptography.

Kerberos :
Kerberos is a network authentication protocol designed to provide strong authentication for client/server applications by using secret-key
cryptography. Originally developed at the Massachusetts Institute of Technology, it is included in the Solaris OE to provide strong authentication
for Solaris OE network applications.


Main menu 2

Story | by Dr. Radut