-1Petr
Kulhanek
kulhanek@chemi.muni.cz
National Center for Biomolecular Research, Faculty of Science
Masaryk University, Kamenice 5, CZ-62500 Brno
Remote Access to Linux (Unix)
from MS Windows
Native applications (Putty, WinSCP, VcXsrv) + Kerberos
PS / 2020 Distance form of teaching: Rev3
-2Remote
Access
Remote
Linux
machine
MS Windows
Putty
WinSCP
command line, (X-forward)
copyig/moving files
GUI
VcXsrv GUI
➢ Putty
➢ WinSCP
+ Kerberos
-3Kerberos
- Workflow
PC
node02
node03 nodeXX
login between nodes of
cluster without having to enter a password
with password (your local account)
with password (eINFRA for the WOLF cluster)
without password during validity of krb5 tickets
(password is entered each time)
PC
MIT Kerberos for Windows
(password required once)
B) Recommended mode for your personal computers with MS Windows.
PC
(pam_krb5)
A)
B)
C)
WOLF cluster
-4MIT
Kerberos for Win - Installation
https://web.mit.edu/kerberos/dist/
1. Install MIT Kerberos for Windows (version 4.1), do not restart the computer.
2. Download the configuration file krb5.conf for realm META from study materials of
course C2110 (directory config, or link in the interactive syllabus Lesson 2). Save the file
to a directory Documents (or another one of your choice).
3. Set the environment variable KRB5_CONFIG so that it contains the path to the file
krb5.conf.
4. Set the environment variable KRB5CCNAME so that it contains the path to the file
krb5cc (this file does not exist, it will be created by the program) in the same directory
as the krb5.conf file.
5. See the next page for variable settings.
6. Restart the computer.
-5MIT
Kerberos for Win - Installation
Edit the environment variables for your account
Edit system environment variables
1
2
-6MIT
Kerberos for Win
1. Start the MIT Kerberos application Ticket Manager.
2. Create/restore Kerberos ticket.
1
3
2
Login name (eINFRA) + password for username@META
-7Putty
Configuration
Login name settings.
krb5 authentication.
Transfer krb5 tickets to a remote machine
(only for trusted remote machines).
-8WinSCP
Configuration
the password is not entered
Delegation is required for work with
storages and AFS (details in C2115), not
required for routine work.