Oh, and I've just seen that there is also an issue with the quotation marks: GSSAPITrustDns Set to “yes to indicate that the DNS is trusted to securely canonicalize” the name of the host being connected to. If “no, the hostname entered on the” command line will be passed untouched to the GSSAPI library. The default is “no”. This option only applies to protocol version 2 connections using GSS‐ API. which is corrected by a 2nd patch attached to this mail.
Colin, you possibly further please clarify, which of the options added by gssapi.patch, actually require GSSAPI key exchange? Thanks, Chris.
diff -u a/ssh_config.5 b/ssh_config.5 --- a/ssh_config.5 2014-10-17 04:20:20.000000000 +0200 +++ b/ssh_config.5 2014-10-17 04:21:55.909882995 +0200 @@ -752,9 +752,11 @@ .Dq no . .It Cm GSSAPITrustDns Set to -.Dq yes to indicate that the DNS is trusted to securely canonicalize +.Dq yes +to indicate that the DNS is trusted to securely canonicalize the name of the host being connected to. If -.Dq no, the hostname entered on the +.Dq no , +the hostname entered on the command line will be passed untouched to the GSSAPI library. The default is .Dq no .
smime.p7s
Description: S/MIME cryptographic signature