...
- Download and install the latest MIT Kerberos for Windows - Use .msi if available
- Choose "Typical Installation"
- Once the client is installed, open it and choose "Get Ticket". Enter your <netid>@UCONN.EDU and password to create a ticket.
...
- Download the latest version of PUTTY for Windows
- Choose the version "A Windows Installer for everything except PuttyTel" (you will need the PuttyGen tool)
- type 'gateway.uits.uconn.edu' into the hostname field
- select Connection -> SSH -> Kerberos from the categories on the left hand side and enable "Attempt Kerberos Auth"
- Enter <netid>@UCONN.EDU in the Service Principal Name section.
- Under Auto-Login, select the third radio button: User name portion of user principal name
- <SET UP THE TUNNEL>
- Select the Sessions category from the left hand side
- Type a meaningful name such as 'gateway server' into the saved sessions text field
- click the save button
SSH shared keys / Putty Method:
http://www.howtoforge.com/ssh_key_based_logins_putty
- Download Putty: http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe and save it to somewhere where you can access it
- Download PuttyGen: http://the.earth.li/~sgtatham/putty/latest/x86/puttygen.exe and save it to somewhere you can access it
- Run PuttyGen.exe
- click the 'Generate' button
- move the mouse around in the window until the progress bar is complete (puttygen uses this to make the key random, this isn't a joke)
- click the 'Save public key' button, and ignore the warning about the passphrase (what do we click to ignore it?). Save the file somewhere handy and name it 'public'
- click the 'Save private key' button, save the file in the same location as the public key, and name it 'private'
- Send an email to Mitch and Jim with the subject 'putty public key' and attach the 'public' file that we saved two steps prior
- close 'PuttyGen.exe'
- open 'Putty.exe'
- type 'gateway.uits.uconn.edu' into the hostname field
- select SSH -> Data from the categories on the left hand side
- type your netid (is this true for the gateway server?) into the 'Auto login user' field
- select SSH -> Auth from the categories on the left hand side
- click the 'Browse' button to the right of the 'Private key file for authentication' field
- Select the file named private that was saved in one of the previous steps
- <SET UP THE TUNNEL>
- Select the Sessions category from the left hand side
- Type a meaningful name such as 'gateway server' into the saved sessions text field
- click the save button
<SET UP THE TUNNEL> Putty
...
- In PuTTY, select the Tunnels category on the left hand side (Connection -> SSH -> Tunnels)
- In source port type 1521
- in Destination type:
- dbserver02.uits.uconn.edu:1521 (For non-production)
- dbserver01.uits.uconn.edu:1521 (For production)
- click the 'add' button
- Use the PUTTYGen tool to create an SSH key for your system (including moving your mouse when instructed to randomize the key)
- Place a request to a UITS admin to grant you access to the Gateway server so you can create tunnels using a proxy
- Set up a Saved Session with tunnels in PUTTY
- Ensure your SSH settings are correct
- Expand the SSH tab
- Configure the security settings for SSH version 2.
- Configure GSSAPI settings as ENABLED for SSH-2
- Configure your tunnels
- Tunnels should use a local port of 1521, or 152(X) if you have multiple tunnels set up (ex: both dbserver01 and dbserver02); the remote port is 1521.
- "destination" will be dbserver02.uits.uconn.edu for non-production systems and dbserver01.uits.uconn.edu for production
- Once created, these tunnels should be saved in your PUTTY profile.
Edit the Kerberos configuration file
The Kerberos configuration file must include the settings for UCONN servers:
[realms]
    UCONN.EDU = {
        kdc = kerberos.uconn.edu
        admin_server = kadmin.uconn.edu
    }
On Windows, the krb5.ini is located in a hidden directory, c:\ProgramData\MIT\Kerberos5
In Unix, the file is located in /etc
Create or edit the existing one and include the realms section.
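A check for the edited file, added here as an example and not part of the original page: a simplified Python reader for the [realms] section that reports whether UCONN.EDU carries the kdc and admin_server values given above. The function names and sample strings are constructed for illustration, and the reader handles only flat realm blocks; it is not MIT's own parser.

```python
import re

# Values the page gives for the UCONN.EDU realm.
EXPECTED = {"kdc": "kerberos.uconn.edu", "admin_server": "kadmin.uconn.edu"}

def parse_realms(text):
    """Return ({realm: {key: [values]}}, [problems]); flat realm blocks only."""
    realms, problems, section, realm = {}, [], None, None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.match(r"\[(\w+)\](.*)$", line)
        if header:
            section, realm = header.group(1), None
            if header.group(2).strip():  # e.g. "[realms]UCONN.EDU = {" on one line
                problems.append(f"line {n}: text after [{section}] header")
            continue
        if section != "realms":
            continue
        if line == "}":
            if realm is None:
                problems.append(f"line {n}: '}}' without an open realm block")
            realm = None
            continue
        key, sep, value = (part.strip() for part in line.partition("="))
        if sep and value == "{" and realm is None:
            realm = key
            realms.setdefault(realm, {})
        elif sep and realm is not None:
            realms[realm].setdefault(key, []).append(value)
        else:
            problems.append(f"line {n}: unexpected line: {line}")
    if realm is not None:
        problems.append(f"realm {realm}: missing closing '}}'")
    return realms, problems

def check_realm(text, realm="UCONN.EDU"):
    """List everything that keeps `realm` from matching EXPECTED (empty = OK)."""
    realms, problems = parse_realms(text)
    if realm not in realms:  # the lookup is case-sensitive: uconn.edu != UCONN.EDU
        return problems + [f"realm {realm} is not defined"]
    for key, want in EXPECTED.items():
        hosts = [v.split(":")[0] for v in realms[realm].get(key, [])]
        if want not in hosts:
            problems.append(f"{realm}: no {key} = {want}")
    return problems

# Constructed sample inputs (not files from the page).
GOOD = "[realms]\nUCONN.EDU = {\n  kdc = kerberos.uconn.edu\n  admin_server = kadmin.uconn.edu\n}\n"
FUSED = "[realms]UCONN.EDU = {\n  kdc = kerberos.uconn.edu\n}\n"
```

To check a real file, pass its contents to `check_realm`, for example the text read from c:\ProgramData\MIT\Kerberos5\krb5.ini.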