On 01/13/18 08:08 PM, Gordon Ross wrote:
I have a perplexing bug here, I think. (Or maybe a mis-configuration?)
I set GSSAPIAuthentication=no in .ssh/config but I still see my
ssh client trying to do GSAPI stuff, which times out in DNS.
I want this to work without requiring reverse DNS.
Actually, "getent hosts IPADDR" works, because the IP is
in etc/inet/hosts but as you see below, gssapi calls the DNS
resolver library directly (grumble) instead of getnameinfo
or whatever that would use nsswitch...
Anyone know why with GSSAPIAuthentication=no
I'm still seeing attempts to use gssapi?
Here's the stack while the ssh client is stuck
waiting for the resolver to time out...
Hello.
It could be GSSAPIKeyExchange, which was on by default in Solaris and in
earlier OI OpenSSH versions. At least it's disabled by default to avoid
DNS timeouts since last January.
--
Best regards,
Alexander Pyhalov,
system administrator of Southern Federal University IT department
_______________________________________________
oi-dev mailing list
[email protected]
https://openindiana.org/mailman/listinfo/oi-dev
