如何手動指定 ssh -K 的令牌 (tgt)？

據我了解，發行ssh -K somehost將使​​用 kerberos 令牌進行身份驗證somehost。是否可以指定使用哪個檔案作為令牌？

請注意，我的電腦上未正確設定 Kerberos，但我僅從正確設定了 Kerberos 的電腦複製了 TGT。

更具體地說，我將令牌複製到/tmp/krb5cc_1000（其中 1000 是我的 uid），以便klist按以下方式識別令牌：

➜  ~ klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: [email protected]

Valid starting       Expires              Service principal  
XXXX  
XXXX

我想這樣做，因為我目前需要ssh從我的筆記型電腦 (L) 到網關伺服器 (G)，我可以在該網關伺服器上發出令牌，然後 ssh 到最終伺服器 (S)。鑑於令牌可能在較長時間內有效，並且透明的 ssh 轉發將簡化我的開發設置，我的目標是設置 ssh ProxyCommand。但是，ssh ProxyCommand 要求所有金鑰/令牌都存在於本機電腦 (L) 上。

目前我正在使用 ProxyCommand，如下所示：

ProxyCommand ssh gateway nc %h %p

這使我能夠建立與 (S) 的連接，但身份驗證未完成：

OpenSSH_7.3p1-hpn14v11, OpenSSL 1.0.2k  26 Jan 2017
debug1: Reading configuration data /home/user/.ssh/config
debug1: /home/user/.ssh/config line 1: Applying options for *
debug1: /home/user/.ssh/config line 10: Applying options for S
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Executing proxy command: exec ssh GW nc S -p 22
debug1: permanently_drop_suid: 1000
debug1: identity file /home/user/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.3p1-hpn14v11
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug1: Remote is NON-HPN aware
debug1: Authenticating to S:22 as 'user'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: AUTH STATE IS 0
debug1: kex: algorithm: [email protected]
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: REQUESTED ENC.NAME is '[email protected]'
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: REQUESTED ENC.NAME is '[email protected]'
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY

GSSAPIAuthentication yes據我所知，我已嘗試設定應強制通過 kerberos 進行身份驗證。