openssh-server_8.9p1-3ubuntu0.7_amd64.deb does fix the gssapi-keyex
problem for us on jammy
Syslog output is as expected
===
2024-04-08T08:09:53.608275+02:00 somehost sshd[169530]: Authorized to root,
krb5 principal xxx/r...@our.do.main (krb5_kuserok)
2024-04-08T08:09:53.619114+02:00 somehost
We have this in sshd_config
===
Match User root
GSSAPIAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication no
AuthenticationMethods gssapi-keyex gssapi-with-mic
===
Grab a kerberos root ticket and do ssh as root
Verifying this should be fairly simple.
Look at the definition of Authmethod in auth.h and compare to how
method_gssapi is initialized compared to method_gsskeyex.
As for it being the only report it is only "AuthenticationMethods gssapi-keyex"
that is not working.
We have "AuthenticationMethods
** Summary changed:
- openssh 8.9p1 for Jammy auth2-gss patch for gssapi-keyex mathod is slightly
wrong
+ openssh 8.9p1 for Jammy auth2-gss patch for gssapi-keyex method is slightly
wrong
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is
Public bug reported:
The Authmethod struct now have 4 entries but the initialization of the
method_gsskeyex in the debian/patches/gssapi.patch only have 3 entries.
The struct was changed in upstream commit
dbb339f015c33d63484261d140c84ad875a9e548 as
===
@@ -104,7 +104,8 @@ struct Authctxt {
Yes, please fix for 16.04.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to rsyslog in Ubuntu.
https://bugs.launchpad.net/bugs/1531622
Title:
default config still using a legacy keyword:
KLogPermitNonKernelFacility
6 matches
Mail list logo
