similar to: GSSAPI Key Exchange on multi-homed host

Will Simon Wilkinson's GSSAPI Key Exchange patch ever be incorporated into the OpenSSH source? http://www.sxw.org.uk/computing/patches/openssh.html I'm sure I'm not the only one that uses it and would like to see it become part of the OpenSSH source. Is there something missing or is there some technical/philosophical reason for not including it?

Hi, I solved my ssh GSSAPI problem. There were a lot of solutions on google referring to a proper fqdn in the /etc/hosts file and having the fqdn's/principals in the kerberos server's keytab file but I found out that my problem was that the samba4/kerberos server was running on a multi-homed machine and that the ssh server kerberos authentication needed the following parameter in order

Hi, I'm pleased to be able to announce the availability of my GSSAPI Key Exchange patch for OpenSSH 4.4p1. This patch adds RFC4462 compatibility to OpenSSH, along with adding additional GSSAPI support that is yet to make it into the main tree. The patch implements: *) gss-group1-sha1-*, gss-group14-sha1-* and gss-gex-sha1-* key exchange mechanisms. This can be enabled through the

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 It's that time again! There's been another OpenSSH release, and once again, I'm pleased to announce the availability of my GSSAPI Key Exchange patch for it. Whilst OpenSSH contains support for GSSAPI user authentication, this still relies upon SSH host keys to authenticate the server to the user. For sites with a deployed Kerberos

The recent addition of auth_gssapi_hostname is a welcome addition, but a little more is needed for multi-homed (or multi-domained) sites. SSH recently added this enhancement to address this common need: GSSAPIStrictAcceptorCheck Determines whether to be strict about the identity of the GSSAPI acceptor a client authenticates against. If ?yes? then the client must

https://bugzilla.mindrot.org/show_bug.cgi?id=2637 Bug ID: 2637 Summary: GSSAPIStrictAcceptorCheck should default to 'yes' Product: Portable OpenSSH Version: 7.3p1 Hardware: Sparc OS: Solaris Status: NEW Severity: minor Priority: P5 Component: Kerberos support Assignee:

Is it possible to move a server's public and private keys from one host to another? Or perhaps a better way to ask what I really want... is it possible to configure a server on a new host to return the same public key it did on the old host? I'm in the process of migrating our CVS server from a Solaris host to a Linux host (this weekend) and I just realized the hostkey is going to

I'm randomly getting the following error on a server from various remote hosts: ssh_exchange_identification: Connection closed by remote host The server is running OpenSSH 4.5p1 w/GSSAPI Key Exchange patch. The hosts connecting to it should all be using OpenSSH 5.0p1 w/GSSAPI Key Exchange patch and using gssapi-keyex authentication. Normally, when I've seen this error, it means

http://bugzilla.mindrot.org/show_bug.cgi?id=928 simon at sxw.org.uk changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |simon at sxw.org.uk ------- Comment #2 from simon at sxw.org.uk 2006-08-19 08:31 ------- I'd rather see us move towards just using

On Mon, May 18, 2020 at 2:44 AM Rowland penny via samba < samba at lists.samba.org> wrote: > On 17/05/2020 23:10, Michael Jones wrote: > > Why? > Amongst others, you may get: > > Slow / Failed logins > Replication issues > Group policy access issues > login script issues > > A multi-homed DC (for whatever reason) is a bad idea. > > Rowland > I

> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Michael Jones via samba > Verzonden: maandag 18 mei 2020 11:34 > Aan: Rowland penny > CC: sambalist > Onderwerp: Re: [Samba] Best practice multi-homed AD DC > > On Mon, May 18, 2020 at 2:44 AM Rowland penny via samba < > samba at lists.samba.org> wrote: >

On Sun, May 17, 2020 at 1:43 PM Rowland penny via samba < samba at lists.samba.org> wrote: > On 17/05/2020 19:30, Johannes Engel via samba wrote: > > Dear all, > > > > as I am currently planning a network with Samba AD DC I was wondering if > > you can recommend any best practice for a multi-homed AD DC. > > Best practise is: do not multi-home a DC. >

Last June I asked the following question, but didn't receive any responses: http://marc.info/?l=openssh-unix-dev&m=124406679122871&w=2 I just did the same test using openssh-5.3p1 and the results are the same. Is this a bug? Or intentional? If it's a bug, I'll report it. If it's intentional, any chance it could be changed? Or a server-side way to override it?

Has anyone successfully built openssh with MIT's KfW (Kerberos for Windows) under Cygwin? Is it even possible? Searching around I found one reference to Nicolas Williams attempting to do this several years ago, but no indication of success and nothing more recent. http://www.cygwin.com/ml/cygwin/2002-01/msg00100.html What about compiling openssh using a native windows compiler? Is

Is there any way to define openssh options via an env var? Something like: SSH_OPTIONS='-oBatchMode=yes ...' or SSH_CONFIG=/path/to/alternate/ssh_config The reason I'd like to be able to use this is so I can override certain options without interfering with the users normal configuration file. In the case of commands that indirectly call ssh, like cvs, there's no way

I'm using Cygwin OpenSSH 5.1 on a Windows XP SP3 system. Is sshd supposed to create a new "login session" for each user that logs in? Or, is there a way to force it to create a new "login session" for each user that logs in? Once logged in, I'm trying to use the Kerberos for Windows command line utilities (klist/kinit), but I'm told by one of the KfW

Starting with openssh 5.1 the following code fails (when executed on a remote host)... prior to 5.0 this worked, ie S_ISSOCK says STDIN is a socket. struct stat s; fstat(STDIN_FILENO, &s); if (S_ISSOCK(s.st_mode)) // STDIN is a socket else // STDIN is not a socket Soo... if I have a command on a remote host that includes the above code and I ssh to the remote host

Hi, I'm having a problem with ssh and sssd in a samba4 ad environment. If I logon a linux client everything works fine. When entering klist I'm able to see my ticket. When I try to connect/logon to another linux client with ssh it is possible, but klist shows: klist: Credentials cache file '/run/user/$UID$/krb5cc/tkt' not found. So the ticket cache is not created during

Dear all, as I am currently planning a network with Samba AD DC I was wondering if you can recommend any best practice for a multi-homed AD DC. My current plan is to have one NIC for Samba services and a second one dedicated to management functions (e.g. SSH) on a separate network restricted to admin users. In a testbed scenario I already discovered that once both adapters exist, samba seems to

How difficult would it be to enhance the client ssh_config file to allow command-based declarations similar to that provided by the "Host" keyword? The main reason I need something like this is when ssh is used via CVS and Subversion. I want all CVS/Subversion traffic to use a different SSH port and different authentication options. So... you might have an ssh_config file that