Package: openssh-server Version: 1:7.2p2-1 Severity: normal Dear Maintainer,
After upgrading to 7.2, GSSAPIKeyExchange no longer works: debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.1p2 Debian-2 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Debian-1 debug1: match: OpenSSH_7.2p2 Debian-1 pat OpenSSH* compat 0x04000000 debug1: Authenticating to host:22 as 'user' debug1: Offering GSSAPI proposal: gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-gex-sha1-A/vxljAEU54gt9a48EiANQ==,gss-group1-sha1-A/vxljAEU54gt9a48EiANQ==,gss-group14-sha1-A/vxljAEU54gt9a48EiANQ==,gss-gex-sha1-bontcUwnM6aGfWCP21alxQ==,gss-group1-sha1-bontcUwnM6aGfWCP21alxQ==,gss-group14-sha1-bontcUwnM6aGfWCP21alxQ==,gss-gex-sha1-eipGX3TCiQSrx573bT1o1Q==,gss-group1-sha1-eipGX3TCiQSrx573bT1o1Q==,gss-group14-sha1-eipGX3TCiQSrx573bT1o1Q== debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client chacha20-poly1...@openssh.com <implicit> none debug1: kex: client->server chacha20-poly1...@openssh.com <implicit> none debug1: Doing group exchange debug1: Calling gss_init_sec_context debug1: Delegating credentials debug1: Received GSSAPI_COMPLETE debug1: Calling gss_init_sec_context debug1: Delegating credentials Disconnecting: Hash's MIC didn't verify Turning off GSSAPIKeyExchange allows me to log in. The other direction (7.2 client, 7.1 server) works as expected. The same version of Kerberos libraries are used on both sides. Gabor -- System Information: Debian Release: stretch/sid APT prefers testing APT policy: (990, 'testing'), (500, 'stable'), (102, 'unstable'), (101, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.4.4 (SMP w/4 CPU cores; PREEMPT) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages openssh-server depends on: ii adduser 3.113+nmu3 ii debconf [debconf-2.0] 1.5.58 ii dpkg 1.18.4 ii init-system-helpers 1.29 ii libaudit1 1:2.4.5-1+b1 ii libc6 2.22-2 ii libcomerr2 1.42.13-1 ii libgssapi-krb5-2 1.13.2+dfsg-5 ii libkrb5-3 1.13.2+dfsg-5 ii libpam-modules 1.1.8-3.2 ii libpam-runtime 1.1.8-3.2 ii libpam0g 1.1.8-3.2 ii libselinux1 2.4-3+b1 ii libssl1.0.2 1.0.2g-1 ii libsystemd0 229-2 ii libwrap0 7.6.q-25 ii lsb-base 9.20160110 ii openssh-client 1:7.2p2-1 ii openssh-sftp-server 1:7.2p2-1 ii procps 2:3.3.11-3 ii zlib1g 1:1.2.8.dfsg-2+b1 Versions of packages openssh-server recommends: ii ncurses-term 6.0+20160213-1 ii xauth 1:1.0.9-1 Versions of packages openssh-server suggests: pn molly-guard <none> pn monkeysphere <none> pn rssh <none> pn ssh-askpass <none> pn ufw <none> -- debconf information: openssh-server/permit-root-login: false
