[OmniOS-discuss] Disabling GSSAPI Key Exchange from future OpenSSH?
Alex Wilson
alex at cooperi.net
Mon Dec 19 19:31:15 UTC 2016
On 12/19/16 11:27 AM, Dan McDonald wrote:
> OpenSSH 7.4 is coming soon. The maintainer of the illumos patch set is curious about the need for GSSAPI key exchanges in OpenSSH, now that it has completely replaced SunSSH.
>
> I think some of you may use this. Is it mission critical for you? Please provide feedback on here. I'm not sure what will happen, but knowing the fallout one way or the other would help.
>
And to clarify, before we get confusion, this is ONLY about the krb5
*key exchange* feature, not about krb5 authentication. The two are
independent of each other. You can still log in to a machine using krb5
auth without krb5-kex, but you will get prompted about trusting the host
key you're connecting to (instead of automatically trusting it based on
krb5).
More information about the OmniOS-discuss
mailing list