You are here: Foswiki>TIG Web>CSAILDebian?>SettingUpSSH (22 May 2018, JasonDorfman)EditAttach

Setting up SSH

On CSAILUbuntu, it's enabled by default, but without the "keytab" file necessary for Kerberos-based passwordless login, so some of these steps are necessary there as well.) There are five steps you need to take to turn on SSH and enable passwordless remote login using your Kerberos tickets:

  • First, ensure that your machine has a stable hostname (that does not contain "dynamic".) If it does, register a hostname first in WebDNS (CSAIL Certificate required), then dhreg (CSAIL Certificate required).
  • Ask the sysadmins to generate a keytab for your host (e-mail with the name of your machine)
  • Install the keytab. From the machine:
sudo install -o root -g root -m 600 /afs/csail/group/tig/keytabs/$USER/$HOSTNAME.keytab \
(If you are using tcsh, substitute the name of your machine for $HOSTNAME.)
  • Remove the keytab from afs:
rm /afs/$USER/$HOSTNAME.keytab
  • (Re)start sshd:
sudo rm /etc/ssh/sshd_not_to_be_run
sudo /etc/init.d/ssh restart
Note that /etc/ssh/sshd_not_to_be_run won't be there on CSAIL Ubuntu machines, nor on servers, so don't worry if you get an error from that command. But if it is there you'll need to remove it.
Topic revision: 22 May 2018, JasonDorfman

MIT Computer Science and Artificial Intelligence Laboratory


  • About CSAIL
  • Research
  • News + Events
  • Resources
  • People

This site is powered by Foswiki MIT: Massachusetts Institute of Technology