-
Titolo
Error during ssh: Server had a GSS-API error; the connection will close (458752/2) -
Descrizione
When trying to ssh from one QAS client to another, the connection fails with the following message:
Server had a GSS-API error; the connection will close (458752/2):
No credentials were supplied, or the credentials were unavailable or inaccessible
No such file or directory
Use the GssKeyEx option to disable GSS-API key exchange and try again.
Disconnecting: The server had a GSS-API error during GSS-API protected SSHv2 key exchange
-
Causa
-
Risoluzione
There are three possible solutions to this:
1) Replace the /etc/krb5/krb5.conf file with a link to the vas.conf file. The vas.conf file contains Kerberos settings that can be used by ssh or other Kerberized applications. The krb5.conf file may be in a different location for a different O/S.
# mv /etc/krb5/krb5.conf /etc/krb5/krb5.conf.sav (if krb5.conf exists)
# ln -s /etc/opt/quest/vas/vas.conf /etc/krb5/krb5.confand restart sshd. There may be other GSS-API errors that would need to addressed as well; the vas.conf documentation covers all the Kerberos options.
2) Disable GSS-API in ssh
Put the following two lines in ssh_config and sshd_config on each affected host to disable GSS-API in ssh:
GSSAPIAuthentication=no
GSSAPIKeyExchange=noand restart sshd. This will also disable any SSO that uses ssh, which may be a consideration in some environments.
3) Use Quest ssh, which uses the QAS keytab.