Re: openssh + active directory

Armand,

I¹m not sure what you are referring to by ³OpenSSH to run completely
integrated with Active Directory² and compiling, but the Windows OpenSSH
package http://sshwindows.sourceforge.net/ (may no longer be maintained)
does permit Active Directory authentication of connecting users if the SSH
daemon is configured to permit such access on a Windows host (mkgroup and
mkpasswd used with -d option).

We have been using this package at work and it does work quite well for us.
I have not looked at copSSH, but it appears to be more up to date, and I may
have a look at it in the next week or so as a replacement.

Cheers,

Frank Pikelner

On 6/19/07 2:13 PM, "Welsh, Armand" <Armand.Welsh@sscims.com> wrote:

> Please keep in mind, that if you want OpenSSH to run completely integrated
> with Active Directory, then you will want to learn how to compile from source,
> so that you can compile the openSSH source with Kerberos authentication turned
> on. Once Kerberos is enabled, then you can SSH between windows and unix boxes
> without supplying a username/password and without using public/private key
> authentication. The authentication will use your Active Directory Kerberos
> Ticket for Identity Authentication instead.
>
> I have not been able to get this working 100%, mainly due to the fact that MIT
> Kerberos for windows doesn't work well with Cygwin packages. And I never had
> enough free time to figure out exactly what patches needed to be made to the
> source to get it all to work.
>
> Armand
>
>
> From: ssh@erdelynet.com [mailto:ssh@erdelynet.com] On Behalf Of Frank Pikelner
> Sent: Monday, June 18, 2007 7:18 PM
> To: ssh@erdelynet.com
> Subject: Re: openssh + active directory
>
> Alan,
>
> Yes, OpenSSH does work with AD. You need to configure OpenSSH config files.
> Send me an email at frank.pikelner@blue-dot.ca and I can provide instructions.
>
> Frank
>
>
> On 6/18/07 9:52 AM, "Alan Neville" <alan@barlan.ie> wrote:
>
>> Hello,
>>
>> I have just installed OpenSSH on a windows 2k3 server and I'm looking for a
>> way to integrate it with Active Directory. Is this possible?
>>
>> Many Thanks,
>>
>> --
>> Alan Neville
>>
>> Technical Support and Helpdesk,
>> Barlan Technologies,
>> Unit a, Broomfield Business Pk, Malahide, Dublin
>>
>> [e] alan dot neville at barlan dot ie
>> [p] +353 1 866 6111
>> [f] +353 1 633 5612
>>
>>
>
>

--
List Info:      http://erdelynet.com/ssh-l/
List Archives:  http://erdelynet.com/archive/ssh-l/
To Unsubscribe: Mail mailto:ssh+unsubscribe@erdelynet.com