Configure ssh for Password-less Login to lxplus or Other Linux Boxen

If you have a valid kerberos ticket you can configure ssh to forward your credentials, allowing password-less connections to lxplus or other properly configured linux boxen.

The necessary configuration can be applied in two places on your Mac:

  1. In /etc/ssh_config (not sshd_config!). In that case it is applied to all accounts on the Mac. Editing this file requires sudo privileges, but we will see further down why we want to edit this in any case...
  2. In ~/.ssh/config. In that case it is applied to your account only.

You should only forward your credentials to hosts that are trustworthy. If you forward your credentials to a roque host you run the risk that somebody abuses your credentials. So it is important to have the settings in question iside a 'Host' block for trusted hosts only! Do not put these settings in a 'Host *' block! In the following snippet the settings apply to the hosts "lxplus", "svn", "mylinuxbox" and all hosts matching "pcmydepmygroup*".


Host lxplus svn mylinuxbox pcmydepmygroup*

GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes
GSSAPIKeyExchange no



When connecting to lxplus or other linux boxen, we are often greeted with messages like


perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = (unset),
LC_ALL = (unset),
LANG = "en_US.UTF-8"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").

We can avoid these by deleting or commenting out the line

   SendEnv LANG LC_*

from /etc/ssh_config. Unfortunately there is no way to achieve the same result by any parameter in ~/.ssh/config.

You are here