Information for Mac OS X users
Configuring SSH access
Using Kerberos for machines within the lab
For domain-joined machines the simplest option is to use the Kerberos ticket you have from login to access Unix machines.
Otherwise, you first have to get a Kerberos ticket manually by typing into a Terminal shell
$ kinit crsid@AD.CL.CAM.AC.UK
You then can connect using
$ ssh -K slogin-serv.cl.cam.ac.uk
To save yourself having to type “-K” each time, you can also enable Kerberos authentication and delegation by editing /etc/ssh_config to set the following options on
HOST *.cl.cam.ac.uk GSSAPITrustDns yes GSSAPIAuthentication yes GSSAPIDelegateCredentials yes
The actual host list (set above to *.cl.cam.ac.uk) should be restricted to machines you trust for maximum security, since a forwarded ticket with delegation will enable a rogue machine to trivially impersonate you.
Using public/private key pair
Generating the keys
On the Mac, in spotlight type 'terminal' and open a terminal window. In the terminal window type
and accept the default location and enter a suitable passphrase.
Copying the public keys to the laboratory filespace
Copy the file in .ssh called id_rsa.pub to the lab home filespace unix home directory using a memory stick to transfer it via a public Linux machine into the .ssh folder in your home directory.
Then login to a laboratory computer and move the public key into the correct location.
cd .ssh cat ../id_rsa.pub >> authorized_keys
You should then edit the authorized_keys file and set the addresses that this public key can be used form by inserting at the front of the line you just added a string like:-
where you enter the domain you will be using the machine form. You can add multiple domains as a comma seperated list. See the main ssh documentation for more details.
Connecting using ssh
When you have completed the above you should be able to login to laboratory ssh servers by typing something like:-