Setting up SSH on Ubuntu

On CSAIL Ubuntu, it’s enabled by default, but without the “keytab” file necessary for Kerberos-based passwordless login, so some of these steps are necessary there as well. There are five steps you need to take to turn on SSH and enable passwordless remote login using your Kerberos tickets:

sudo install -o root -g root -m 600 /afs/csail/group/tig/keytabs/$USER/$HOSTNAME.keytab \
    /etc/krb5.keytab

(If you are using tcsh, substitute the name of your machine for $HOSTNAME.)

rm /afs/csail.mit.edu/group/tig/keytabs/$USER/$HOSTNAME.keytab
sudo rm /etc/ssh/sshd_not_to_be_run
sudo /etc/init.d/ssh restart

/etc/ssh/sshd_not_to_be_run won’t be there on CSAIL Linux machines, nor on servers, so don’t worry if you get an error from that command. But if it is there you’ll need to remove it.