Package: openssh-client Version: 1:6.6p1-2 Severity: normal Starting with version 6.6 ssh re-reads ssh_config on CanonicalizeHostname:
http://www.openssh.com/txt/release-6.6 * ssh(1): if hostname canonicalisation is enabled and results in the destination hostname being changed, then re-parse ssh_config(5) files using the new destination hostname. This gives 'Host' and 'Match' directives that use the expanded hostname a chance to be applied. This works fine except GSSAPIDelegateCredentials in /etc/ssh/ssh_config. The buggy combination is: /etc/ssh/ssh_config: host * GSSAPIDelegateCredentials no ~/.ssh/config: host * CanonicalizeHostname yes CanonicalDomains mydomain.com host foo.mydomain.com GSSAPIKeyExchange yes GSSAPIAuthentication yes GSSAPIDelegateCredentials yes GSSAPIRenewalForcesRekey yes % ssh foo klist klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_<UID>) If I comment out GSSAPIDelegateCredentials in /etc/ssh/ssh_config or do ssh foo.mydomain.com I get forwarded credentials. -- sergio. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
