Re: Kerberos + Openssh 6.7 issue in MacOS sierra

On 11/05/2016 06:58 PM, Angel Campoverde wrote:
> Hi,
>
> I hope this is the right mailing list. I upgraded to Sierra and it came
> with the new OpenSSH 6.7. When I try to get into a remote machine after
> making the Kerberos ticket I get:
>
> /Users/angelcampoverde/.ssh/config: line 11: Bad configuration option:
> gssapitrustdns
> /Users/angelcampoverde/.ssh/config: terminating, 1 bad configuration options
>
> Which suggests that the line:
>
>    GSSAPIAuthentication      yes
>
> is not supposed to be in the ~/.ssh/config file anymore. Without this line
> I cannot use Kerberos to authenticate, I'd have to use the password. Is
> Kerberos not supported anymore beyond version 6.6? Is there a patch or a
> new line that should be there in that file instead of that one?
>
> Other people seem to have the same problem here:
>
> http://stackoverflow.com/questions/39634166/after-update-mac-os-sierra-can-not-use-ssh-login-remote-system-how-can-i-fix-th
>
> and here:
>
> http://apple.stackexchange.com/questions/256914/macos-sierra-broke-ssh-kerberos-authentication
>
> No answer was given, so I assume this is not a trivial issue.

The GSSAPITrustDNS option was never part of portable OpenSSH [1]. This option originally comes from a third-party patch [2] extending Kerberos support in OpenSSH, which is no longer maintained, but can be simply rebased on the current sources. The problem in this case is Apple dropping this patch used by many people, so Apple is the place where you should ask (or the OpenSSH packager of your favorite repository).

[1] https://github.com/openssh/openssh-portable/search?utf8=%E2%9C%93&q=trustdns
[2] http://www.sxw.org.uk/computing/patches/openssh.html

Regards,

--
Jakub Jelen
Software Engineer
Security Technologies
Red Hat

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
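
Added example (not part of the thread and not OpenSSH code): a small checker that scans an ssh_config for keywords that exist only in the third-party GSSAPI patch and reports whether an earlier IgnoreUnknown directive would let an unpatched client tolerate them. Assumptions: only GSSAPITrustDNS is named in the thread, the other keywords in the list are included on the assumption that they belong to the same patch, and the sample config is constructed.

```python
import fnmatch
import re

# Assumption: client keywords added by the third-party GSSAPI patch and absent
# from portable OpenSSH. Only GSSAPITrustDNS is named in the thread itself.
PATCH_ONLY = {"gssapitrustdns", "gssapikeyexchange", "gssapiclientidentity",
              "gssapiserveridentity", "gssapirenewalforcesrekey"}

def parse_line(line):
    """Split one ssh_config line into (lowercased keyword, argument string)."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    # Keyword and arguments are separated by whitespace or by a single '='.
    m = re.match(r"([^\s=]+)(?:\s*=\s*|\s+)(.*)$", line)
    if not m:
        return line.lower(), ""
    return m.group(1).lower(), m.group(2).strip()

def find_patch_only_options(config_text):
    """Return (line_no, keyword, tolerated) for every patch-only keyword.

    tolerated is True only if an IgnoreUnknown pattern listed EARLIER in the
    file matches the keyword; IgnoreUnknown does not apply to lines before it.
    Simplification: Host/Match scoping and negated patterns are not evaluated.
    """
    ignore_patterns = []
    findings = []
    for line_no, raw in enumerate(config_text.splitlines(), 1):
        parsed = parse_line(raw)
        if parsed is None:
            continue
        keyword, args = parsed
        if keyword == "ignoreunknown" and not ignore_patterns:
            # The first value obtained wins, as for other ssh_config options.
            ignore_patterns = [p.strip().lower() for p in args.split(",") if p.strip()]
        elif keyword in PATCH_ONLY:
            tolerated = any(fnmatch.fnmatchcase(keyword, p) for p in ignore_patterns)
            findings.append((line_no, keyword, tolerated))
    return findings

# Constructed sample config, not taken from the thread.
SAMPLE = """\
# constructed sample
Host *.example.org
    GSSAPIAuthentication yes
    GSSAPITrustDNS yes
    IgnoreUnknown GSSAPIKey*
    GSSAPIKeyExchange=yes
"""

if __name__ == "__main__":
    for line_no, keyword, tolerated in find_patch_only_options(SAMPLE):
        print(line_no, keyword, "tolerated" if tolerated else "fatal on unpatched ssh")
```

A keyword reported as tolerated is skipped by an unpatched client rather than honoured, so the behaviour the patch provided is still absent.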