You are here

kerberos

ssh_exchange_identification: read: Connection reset by peer

When connecting from outside inf.ed.ac.uk using ssh, several failed login attempts in a row may produce an error such as:

ssh_exchange_identification: read: Connection reset by peer

This message can appear for a number of reasons, but in particular it may mean that your ssh logins are now being blocked for security reasons. This block is triggered automatically whenever several login failures are made in a short space of time. If this happens to you, wait a while then try again - the block is only temporary.

Kerberos for Cygwin

Kerberos support exists for Cygwin, but might not be in the standard package set installed by default. To install and use Kerberos for use with ssh in Cygwin:

Cosign SPNEGO

Informatics has added SPNEGO support to web servers which use the Cosign service. This means that Informatics users using compatible browsers - currently Firefox and Chrome (†) on all platforms - can authenticate to such web services using their existing Kerberos credentials, and without being prompted for their username and password.

Kerberos for Mac OS X

Mac OS X comes with kerberos already installed.

There are two ways to authenticate to your DICE account using Kerberos on the Mac - using the command-line Terminal utility, or using the graphical Ticket Viewer. This document describes both.

Kerberos for Ubuntu

This document describes how to install and configure Kerberos for Ubuntu.

AFS for Debian / Ubuntu

This page describes steps to get connectivity with DICE AFS on a non-DICE Debian (or derivative, e.g. Ubuntu) system.

Super-quick Summary

This should work for most Debian >=5 and Ubuntu >=10.x machines.

Run the following commands in a terminal. You might be prompted for some of the following:

Connecting from outside the University - an overview

A major feature of the Informatics computing infrastructure is that you can easily and securely access your data and make use of computing resources from outside the School's own intranet. To do this however, you need to have certain software packages installed on your computer. Although there are pages on this site telling you how to install these packages, they don't really explain what they do, why you need them and how they interact. This page fills that gap.

Kerberos for Windows

IMPORTANT NOTE: The secure-endpoints website, which distributes Heimdal Kerberos and Network Identity Manager has been intermittently unavailable for the last few months. Because of this, we are recommending that if you are installing Kerberos to give you access to the School's OpenAFS file system and you are comfortable using Windows command prompt, then you should use the version of Kerberos which comes as part of the Auristor OpenAFS client and follow the procedure detailed in AFS for Windows to obtain Kerberos credentials and AFS tokens.

Why do we need Kerberos?

Note: This is an historical document, dating from the original design of the DICE infrastructure. It's retained here both for interest, and for the sake of the historical record.

Why do we need kerberos ?

What is Kerberos?

Kerberos is a network authentication protocol. It provides strong authentication for client/server applications so that a client can prove its identity to a server (and vice versa) across an insecure network connection. When you log in, your client contacts the Kerberos server and uses your password to prove your identity. In return it receives a ticket which is valid for a fixed period of time (at our site, 18 hours). Kerberos is about using tickets instead of passwords to get access to services running on servers.

Pages

Subscribe to kerberos

System Status

Home dirs (AFS)
Network
Mail
Other services
Scheduled downtime

Choose a topic

Pages