In research computing, passwordless SSH makes everything much more convenient, especially when your data and computations are split across an array of cluster resources.
- Follow your sysadmin's kerberos guide. At Stanford, I received a link to the following set of instructions.
- The problem, now, is that that
kinitcreates a kerberos ticket which only authorizes login for a fixed amount of time (e.g. 12 hours), and running
kinitseems to require reentering your password.
But you can get a kerberos ticket using a "keytab" file, which is a hashed version of password that you can store locally. I ran the following, to create a new keytab file in
$ sudo apt-get install kstart # (assuming you're using a debian-based distro) $ cd $HOME && ktutil ktutil: addent -password <MY_USERNAME@DOMAIN.EDU> -k 1 -e rc4-hmac usage: addent (-key | -password) -p principal -k kvno -e enctype <MY_PASSWORD> ktutil: wkt .kerberos.keytab ktutil: quit
Then I added the following line to my
.bashrc. This gets a new kerberos ticket, using the keytab for authentication, every time I log in.
/usr/bin/k5start -f $HOME/.kerberos.keytab