[Samba] Trouble in ssh into Windows machines in the Windows/Samba Domain

Nicola Mingotti nmingotti at gmail.com
Sat Apr 10 10:25:24 UTC 2021


To whoever may find the same issues I found:

I got sshd working in Windows10 and Windows server 2016

for now: PASSWORD ONLY AUTHENTICATION, with Domain Users.

In my 2 computers it was fundamental to set this in
C:\ProgramData\ssh\sshd_config

--------- sshd_config --------
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
# --- these options do not work in Windows -----
# GSSAPIKeyExchange yes
# If your version supports this
# GSSAPIStoreCredentialsOnRekey yes
# If your version supports this

# ---- comment these lines or nothing works -------
# Match Group administrators
#        AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
-------------------------------

HTH !

PS. still to solve passwordless authentication

bye
Nicola




On 4/10/21 11:15 AM, Nicola Mingotti wrote:
>
>
> On 4/9/21 7:18 PM, Rowland penny via samba wrote:
>>
>> Never thought to try it before, but I installed ssh on a Win10 
>> machine and it didn't work. After a bit more googling, I found that 
>> (just like Linux) the ssh server needed to be started. After starting 
>> the ssh server, I logged in as a domain user.
>>
>> Rowland
>>
>
> I am back at the keyboard ;)
>
> So, I have something working but still, it doesn't work perfectly as I 
> wish.
> Let's focus on Windows 10 where probably
> we are all using by default the same version of SSH that comes with Windows.
>
> For this test I am using 3 computers:
> 'deb4'. Linux Debian Stable, outside the domain, same LAN
> 'linte'. Linux Debian Stable, inside the domain
> 'domus'. Windows10, inside the domain.
>
> The users I will be talking about are 'p', a unix user defined in 
> 'deb4' and 'linte'.
> and user 'WINDOM\nicola', a domain user, who has already accessed at 
> least once both
> 'linte' and 'domus'.
>
> I applied the configurations suggested in the wiki page:
> https://wiki.samba.org/index.php/OpenSSH_Single_sign-on
> to 'domus' and 'linte'.
>
> When I run a command in a Windows shell it means I am in Powershell.
>
> 1. WINDOM\nicola at domus> ssh localhost             # works, asks password, why ?
> 2. p at deb4> ssh 'WINDOM\nicola'@linte              # works, asks password, that is ok
> 3. p at deb4> ssh 'WINDOM\nicola'@domus              # works, asks password, that is ok
> 4. WINDOM\nicola at linte> ssh domus                 # works, but asks password, why ?
>
> At points (1) and (4) It shouldn't ask me the password since I am 
> already authenticated
> by the DC, right ?
>
> Let me know what you think. These are the
> main reasons why I would like to have this working:
>
> 1] I would like to make ssh tunnels to all the machines in the domain, so
> I could encrypt easily all my VNC connections to the machines I manage.
>
> 2] I would like to have only one computer be the chief of automation
> (eg. backups, check free space etc.). I am used to doing it in Unix via
> ssh + public key, since I have the Domain and Windows now It would be 
> great to do it with
> Kerberos DC.
>
> Thank you for your help !
>
> bye
> Nicola
>
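
Added example (not part of the original post, and not Samba or OpenSSH project code): a small Python auditor for the sshd_config settings discussed in this thread. It reports whether GSSAPIAuthentication is enabled globally and which Match blocks override AuthorizedKeysFile; the sample config is constructed, and the defaults assumed for unset keywords are those of upstream OpenSSH.

```python
import sys

# Constructed sample, modelled on the sshd_config fragment in the post above
# but with the "Match Group administrators" block left active.
SAMPLE = """\
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
# GSSAPIKeyExchange yes
Match Group administrators
       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
"""

def parse_sshd_config(text):
    """Return (global_opts, match_blocks).

    Keywords are case-insensitive and the first value seen for a keyword wins.
    A Match block runs until the next Match line or the end of the file.
    """
    global_opts, match_blocks = {}, []
    current = global_opts
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        keyword = fields[0].lower()
        value = fields[1].strip() if len(fields) > 1 else ""
        if keyword == "match":
            current = {}
            match_blocks.append((value, current))
        else:
            current.setdefault(keyword, value)  # first occurrence wins
    return global_opts, match_blocks

def audit(text):
    """Summarise the authentication-related settings the thread depends on."""
    global_opts, match_blocks = parse_sshd_config(text)
    return {
        # Assumed upstream defaults: GSSAPIAuthentication no, PasswordAuthentication yes.
        "gssapi": global_opts.get("gssapiauthentication", "no").lower() == "yes",
        "password": global_opts.get("passwordauthentication", "yes").lower() == "yes",
        # Match blocks that redirect where public keys are read from.
        "key_overrides": [(crit, opts["authorizedkeysfile"])
                          for crit, opts in match_blocks
                          if "authorizedkeysfile" in opts],
    }

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    print(audit(text))
```

Run it with the path to an sshd_config file as the only argument, or with no argument to audit the constructed sample.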