[Samba] Trouble in ssh into Windows machines in the Windows/Samba Domain

Nicola Mingotti nmingotti at gmail.com
Sat Apr 10 09:15:25 UTC 2021



On 4/9/21 7:18 PM, Rowland penny via samba wrote:
>
> Never thought to try it before, but I installed ssh on a Win10 machine 
> and it didn't work. After a bit more googling, I found that (just like 
> Linux) the ssh server needed to be started. After starting the ssh 
> server, I logged in as a domain user.
>
> Rowland
>

I am back at the keyboard ;)

So, I have something working but still, it doesn't work perfectly as I wish.
Let's focus on Windows 10 where probably
we  all using by default the same version of SSH that comes with Windows.

For this test I am using 3 computers:
'deb4'. Linux Debian Stable, outside the domain, same LAN
'linte'. Linux Debian Stable, inside the domain
'domus'. Window10, inside the domain.

The users I will be talking about are 'p', a unix user defined in 'deb4' 
and 'linte'.
and user 'WINDOM\nicola', a domain user, who has already accessed at 
least once both
'linte' and 'domus'.

I applied the configurations suggested in the wiki page:
https://wiki.samba.org/index.php/OpenSSH_Single_sign-on
to 'domus' and 'linte'.

When I run a commmand in a Windows shell it means I am in Powershell.

1. WINDOM\nicola at domus> ssh localhost             # works, asks 
password, why ?
2. p at deb4> ssh 'WINDOM\nicola'@linte              # works, asks 
password, that is ok
3. p at deb4> ssh 'WINDOM\nicola'@domus              # works, asks 
password, that is ok
4. WINDOM\nicola at linte> ssh domus                 # works, but asks 
password, why ?

At points (1) and (4) It shouldn't ask me the password since I am 
already authenticated
by the DC, right ?

Let me know what you think. These are the
main reasons why I would like to have this working:

1] I would like to make ssh tunnels to all the machines in the domain, so
I could encrypt easily all my VNC connections to the machines I manage.

2] I would like to have only one computer be the chief of automation
(eg. backups, check free speace etc.). I am used to do it in Unix via
ssh + public key, since I have the Domain and Windows now It would be 
great to do it with
Kerberos DC.

Thank you for your help !

bye
Nicola













More information about the samba mailing list