On 11/05/2016 06:58 PM, Angel Campoverde wrote:
Hi,
I hope this is the right mailing list. I upgraded to Sierra and It came
with the new OpenSSH 6.7. When I try to get into a remote machine after
making the kerberos ticket I get:
/Users/angelcampoverde/.ssh/config: line 11: Bad configuration option:
gssapitrustdns
/Users/angelcampoverde/.ssh/config: terminating, 1 bad configuration options
Which suggests that the line:
GSSAPIAuthentication yes
Is not supposed to be in the ~/.ssh/config file anymore. Without this line
I cannot use kerberos to authenticate, I'd have to use the password. Is
Kerberos not supported anymore beyond version 6.6? Is there a patch or a
new line that should be there in that file instead of that one?
Other people seem to have the same problem here:
http://stackoverflow.com/questions/39634166/after-update-mac-os-sierra-can-not-use-ssh-login-remote-system-how-can-i-fix-th
and here:
http://apple.stackexchange.com/questions/256914/macos-sierra-broke-ssh-kerberos-authentication
No answer was given, so I assume this is not a trivial issue.
The GSSAPITrustDNS was never part of portable OpenSSH [1]. This option
originally comes from third party [2] extending kerberos support in
OpenSSH, which is no longer maintained, but can be simply rebased on the
current sources.
The problem in this case is Apple dropping this patch used by many
people, so the Apple is the place where you should ask (or your OpenSSH
packager of your favorite repository).
[1]
https://github.com/openssh/openssh-portable/search?utf8=%E2%9C%93&q=trustdns
[2] http://www.sxw.org.uk/computing/patches/openssh.html
Regards,
--
Jakub Jelen
Software Engineer
Security Technologies
Red Hat
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev