Patches supporting GSSAPI Key Exchange in OpenSSH 4.3p2 are now available from http://www.sxw.org.uk/computing/patches/openssh.html These patches add support for performing GSSAPI key exchange to the OpenSSH client and server. Whilst OpenSSH contains support for using GSSAPI in the user authentication step, this is inadequate for many sites, as it doesn't provide a mechanism for using GSSAPI/Kerberos to verify the server's identity to the user. Using GSSAPI key exchange uses Kerberos to validate the servers identity, and can eliminate the need to maintain known hosts files of server public keys across your site. These patches also contain a number of improvements as a result of resyncing against the Debian patch set, including: *) Support for the CCAPI on Darwin *) Support for the Security Session API on Darwin *) Support for not counting failures due to bad server configuration against the clients number of permitted authentication attempts Thanks to Sam Hartman, Alexandra Ellwood and Harald Barth Cheers, Simon.