Setting up SSH on Ubuntu
On CSAIL Ubuntu, it’s enabled by default, but without the “keytab” file necessary for Kerberos-based passwordless login, so some of these steps are necessary there as well. There are five steps you need to take to turn on SSH and enable passwordless remote login using your Kerberos tickets:
- First, ensure that your machine has a stable hostname (that
hostname.csail.mit.edu does not contain “dynamic”.) If it does, register a hostname first in WebDNS (CSAIL Login required), then dhreg (CSAIL Login required). - Ask the sysadmins to generate a keytab for your host (e-mail help@csail.mit.edu with the name of your machine)
- Install the keytab. From the machine:
sudo install -o root -g root -m 600 /afs/csail/group/tig/keytabs/$USER/$HOSTNAME.keytab \
/etc/krb5.keytab
(If you are using tcsh, substitute the name of your machine for $HOSTNAME.)
- Remove the keytab from afs:
rm /afs/csail.mit.edu/group/tig/keytabs/$USER/$HOSTNAME.keytab
- (Re)start sshd:
sudo rm /etc/ssh/sshd_not_to_be_run
sudo /etc/init.d/ssh restart
/etc/ssh/sshd_not_to_be_run won’t be there on CSAIL Linux
machines, nor on servers, so don’t worry if you get an error from that
command. But if it is there you’ll need to remove it.