In the patch, at line 2687 of http://pkgs.fedoraproject.org/cgit/openssh.git/tree/openssh-6.6p1-gsskex.patch, we have @@ -2488,6 +2495,48 @@ do_ssh2_kex(void) myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal( list_hostkey_types()); +#ifdef GSSAPI + { + char *orig; + char *gss = NULL; + char *newstr = NULL; + orig = myproposal[PROPOSAL_KEX_ALGS]; <<<=== HERE 1 + + /* + * If we don't have a host key, then there's no point advertising + * the other key exchange algorithms + */ + + if (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]) == 0) <<<=== HERE 2 + orig = NULL; Note that at the lines marked HERE 1 and HERE 2, orig refers to two separate things. Is this inconsistency in reference intended? -----Original Message----- From: Andreas Schneider [mailto:asn@xxxxxxxxxxxxxx] Sent: Monday, July 21, 2014 4:16 AM To: openssh-unix-dev@xxxxxxxxxxx Cc: Scott Neugroschl Subject: Re: GSSAPI On Tuesday 15 July 2014 21:52:33 Scott Neugroschl wrote: > If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I > still need to get Simon Wilkinson's patches? As the FreeIPA project has support for managing SSH Keys they have a maintained patchset for GSSAPI support. You can take a look here: http://pkgs.fedoraproject.org/cgit/openssh.git/tree/ -- andreas -- Andreas Schneider GPG-ID: CC014E3D www.cryptomilk.org asn@xxxxxxxxxxxxxx _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev