Thursday, August 17, 2017

Mac OS SSH Kerberose Single-Sign-On

To use Kerberos Single-Sign-On on a MacBookPro, you can do as follows:
  • Make a copy of /etc/krb5.conf from a server in your company network.
  • Save it into /etc/krb5.confon your MacBookPro. You probably need sudo.
  • Run kinit <your-login>@<realm_name>. If you don’t know what is the realm name is, take a look at /etc/krb5.conf
    [libdefaults]
default_realm = MY.COMPANY.COM
  • Add this line to ~/.ssh/config. Without this line, password method is preferred.
    GSSAPIAuthentication yes
  • Then you can ssh to any host supporting kerberos without typing a password.
  • If your kerberos ticket expires, just run kinit again. You don’t have to provide the principal <your-login>@<realm_name> at this time.
  • Use klist to show when the ticket will expire.
Posted by at No comments:
Labels: , , , ,

Gnome Terminal Profile Export

I usually run screen on a remote server in PROD environment. Whenever I want to access the server, I SSH to that host, and run screen -D -R to resume the session I leave before. Using screen, you don’t have to worry about your SSH session suddenly goes down due to the Internet connection issue.
I also adjust the terminal running the SSH connection with a title and special color scheme so that I can quickly tell this is a PROD environment and need to be careful.
I create a Gnome terminal profile so that I only need to click “File” -> “Open Terminal” -> “prod-env”. “prod-env” is the profile name with all customized attributes:
  • Title
  • Terminal window size
  • Automatically run a command ssh -t <host> screen -D -R
  • Specified color-scheme
How can I share the profile among the multiple environments, e.g., a laptop and a desktop running Gnome environment? Of course, I can set it manually on both of machines. It would be better if I can export the profile and import it on other machines.
It is actually pretty simple. The following command works on CentOS 7.3 and Gnome 3.
  • Export
    dconf dump /org/gnome/terminal/ > /tmp/terminal-profile.dconf
  • Import
    cat /tmp/terminal-profile.dconf | dconf load
Posted by at No comments:
Labels: , , , , , , , ,
Subscribe to: Posts (Atom)