New version of OpenSSH key exchange patch

Simon Wilkinson simon at
Mon Oct 2 16:49:00 EDT 2006


I'm pleased to be able to announce the availability of my GSSAPI Key
Exchange patch for OpenSSH 4.4p1.

This patch adds RFC4462 compatibility to OpenSSH, along with adding
additional GSSAPI support that is yet to make it into the main tree.

The patch implements:
   *) gss-group1-sha1-*, gss-group14-sha1-* and gss-gex-sha1-* key
      exchange mechanisms. This can be enabled through the
      GSSAPIKeyExchange option on both client and server
      ( #1242)
   *) Support for the null host key type
   *) Support for CCAPI caches on Mac OS X
      ( #1245)
   *) Don't penalise the client for authentication failures caused by
      server misconfiguration
      ( #1244)
   *) Better error reporting when using GSSAPI libraries containing
      multiple mechanisms
      ( #1220)
   *) Support for GSSAPI connections to hosts using a round-robin load
      balancer, through the GSSAPITrustDNS client option
      ( #1008)
   *) Support for GSSAPI connections to multi-homed hosts with multiple
      acceptor names, through the GSSAPIStrictAcceptorCheck server option
      ( #928)
   *) Tidy GSSAPI code separation between client and server
      ( #1225)

As usual the code is available from

Thanks again to everyone who has sent patches and suggestions over the


