[Samba] Trouble in ssh into Windows machines in the Windows/Samba Domain
Nicola Mingotti
nmingotti at gmail.com
Sat Apr 10 09:15:25 UTC 2021
On 4/9/21 7:18 PM, Rowland penny via samba wrote:
>
> Never thought to try it before, but I installed ssh on a Win10 machine
> and it didn't work. After a bit more googling, I found that (just like
> Linux) the ssh server needed to be started. After starting the ssh
> server, I logged in as a domain user.
>
> Rowland
>
I am back at the keyboard ;)
So, I have something working but still, it doesn't work perfectly as I wish.
Let's focus on Windows 10 where probably
we all using by default the same version of SSH that comes with Windows.
For this test I am using 3 computers:
'deb4'. Linux Debian Stable, outside the domain, same LAN
'linte'. Linux Debian Stable, inside the domain
'domus'. Window10, inside the domain.
The users I will be talking about are 'p', a unix user defined in 'deb4'
and 'linte'.
and user 'WINDOM\nicola', a domain user, who has already accessed at
least once both
'linte' and 'domus'.
I applied the configurations suggested in the wiki page:
https://wiki.samba.org/index.php/OpenSSH_Single_sign-on
to 'domus' and 'linte'.
When I run a commmand in a Windows shell it means I am in Powershell.
1. WINDOM\nicola at domus> ssh localhost # works, asks
password, why ?
2. p at deb4> ssh 'WINDOM\nicola'@linte # works, asks
password, that is ok
3. p at deb4> ssh 'WINDOM\nicola'@domus # works, asks
password, that is ok
4. WINDOM\nicola at linte> ssh domus # works, but asks
password, why ?
At points (1) and (4) It shouldn't ask me the password since I am
already authenticated
by the DC, right ?
Let me know what you think. These are the
main reasons why I would like to have this working:
1] I would like to make ssh tunnels to all the machines in the domain, so
I could encrypt easily all my VNC connections to the machines I manage.
2] I would like to have only one computer be the chief of automation
(eg. backups, check free speace etc.). I am used to do it in Unix via
ssh + public key, since I have the Domain and Windows now It would be
great to do it with
Kerberos DC.
Thank you for your help !
bye
Nicola
More information about the samba
mailing list