Setting up SSH

By default, SSH is disabled on CSAIL Debian machines. (On CSAIL Ubuntu, it's enabled by default, but without the "keytab" file necessary for Kerberos-based passwordless login, so some of these steps are necessary there as well.) There are five steps you need to take to turn on SSH and enable passwordless remote login using your Kerberos tickets:

  • First, ensure that your machine has a stable hostname (that is, that hostname.csail.mit.edu does not contain "dynamic"). If it does, register a hostname first in WebDNS (CSAIL Certificate required), then dhreg (CSAIL Certificate required).
  • Ask the sysadmins to generate a keytab for your host (e-mail help@csail.mit.edu with the name of your machine).
  • Install the keytab. From the machine:
sudo install -o root -g root -m 600 /afs/csail/group/tig/keytabs/$USER/$HOSTNAME.keytab \
    /etc/krb5.keytab
(If you are using tcsh, substitute the name of your machine for $HOSTNAME.)
  • Remove the keytab from AFS:
rm /afs/csail.mit.edu/group/tig/keytabs/$USER/$HOSTNAME.keytab
  • (Re)start sshd:
sudo rm /etc/ssh/sshd_not_to_be_run
sudo /etc/init.d/ssh restart
Note that /etc/ssh/sshd_not_to_be_run won't be there on CSAIL Ubuntu machines, nor on servers, so don't worry if you get an error from that command. But if it is there, you'll need to remove it.
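A post-install check for the steps above, as an added example (not part of the original page or CSAIL's own tooling). The function name audit_ssh_setup, its arguments and the test hostnames are assumptions made for illustration; it relies on GNU stat as shipped on Debian and Ubuntu.

```sh
#!/bin/sh
# audit_ssh_setup FQDN KEYTAB STAGED_COPY FLAG_FILE [OWNER]
# Prints one line per finding and returns the number of findings (0 = clean).
# OWNER is a numeric uid:gid and defaults to root (0:0).
#
# On the real host, with the paths from the steps above:
#   audit_ssh_setup "$(hostname -f)" /etc/krb5.keytab \
#       "/afs/csail.mit.edu/group/tig/keytabs/$USER/$HOSTNAME.keytab" \
#       /etc/ssh/sshd_not_to_be_run
audit_ssh_setup() {
    fqdn=$1 keytab=$2 staged=$3 flag=$4 owner=${5:-0:0}
    findings=0
    note() { printf 'FAIL: %s\n' "$1"; findings=$((findings + 1)); }

    # Step 1: a name containing "dynamic" means no stable hostname is registered.
    case $fqdn in
        *dynamic*) note "hostname $fqdn is dynamic" ;;
    esac

    # Step 3: the keytab holds the host's Kerberos key, so it must exist,
    # belong to root and grant nothing to group or other.
    if [ ! -f "$keytab" ]; then
        note "$keytab is missing"
    else
        # GNU stat: octal mode, then numeric uid:gid
        set -- $(stat -c '%a %u:%g' "$keytab")
        case $1 in
            ?00) ;;
            *) note "$keytab mode is $1, expected 600" ;;
        esac
        [ "$2" = "$owner" ] || note "$keytab owner is $2, expected $owner"
    fi

    # Step 4: the staged AFS copy contains the same key and must be gone.
    [ ! -e "$staged" ] || note "staged copy $staged still exists"

    # Step 5: this flag file has to be removed before sshd is (re)started.
    [ ! -e "$flag" ] || note "$flag is still present"

    return "$findings"
}
```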
Topic revision: 11 Dec 2012, JaySekora
 

MIT Computer Science and Artificial Intelligence Laboratory

 
