Versions Compared

Old Version 2

changes.mady.by.user Thomas Berger

Saved on

compared with

New Version Current

changes.mady.by.user Matt Bixley

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Ensure you are using the latest version of MobaXterm

  • Open MobaXterm and navigate to Settings → Configuration (global settings, not session settings!)

  • Select SSH tab and configure the settings as indicated below. Ensure you enter the Domain you are going to use

...

  • , which for AgResearch staff is agresearch.co.nz, and set your default login as username@agresearch.co.nz

Image Added

  • Click OK

  • Create a new connection and configure it as indicated below. Ensure the ‘Specify username’ is set to default (which will be filled in from global settings). This indicates that the system username (the username you used to log into the workstation) is going to be used. For AgResearch staff the hostname is login-0.

...

  • eri.agresearch.co.nz.

...

  • Click OK and connect. If all is well, this should give a shell prompt on login-0 with no need to type a username or password.

Windows Subsystem for Linux (WSL)

...

You can test whether WSL is installed by opening 'Windows PowerShell' and typing wsl.

Connect to the destination utilising the Kerberos ticket:

ssh -K

Kerberos configuration

The following is required in /etc/krb5.conf inside your WSL distro for ssh to work with Kerberos:

Code Block
[libdefaults]
 default_realm = AGRESEARCH.CO.NZ
 dns_lookup_realm = true
 dns_lookup_kdc = true
 forwardable = true

[realms]
 IAM.FLEXI.NESI.ORG.NZ = {
  dns_canonicalize_hostname = false
  rdns = false
 }

[domain_realm]
 agresearch.co.nz = AGRESEARCH.CO.NZ
 .agresearch.co.nz = AGRESEARCH.CO.NZ
 .eri.agresearch.co.nz = IAM.FLEXI.NESI.ORG.NZ
 eri.agresearch.co.nz = IAM.FLEXI.NESI.ORG.NZ

[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   krb4_convert = false
 }

ssh configuration

The following in ~/.ssh/config means less has to be specified on the command line:

Code Block
Host login-0 login-0.eri.agresearch.co.nz
     HostName login-0.eri.agresearch.co.nz
     User <USERID>@agresearch.co.nz          # eg blogsj@agresearch.co.nz
     GSSAPIAuthentication yes

Get a Kerberos ticket

In case klist shows no tickets:

Code Block
kinit

Connect to the destination utilising the Kerberos ticket:

Requires the above ssh configuration for this brief command to work:

ssh login-0