Announce: GSSAPI Key Exchange Patch for OpenSSH 5.7p1

Simon Wilkinson sxw at
Tue Jan 25 05:51:53 EST 2011


I'm pleased to announce the availability of my GSSAPI Key Exchange  
patch for OpenSSH 5.7p1. In addition to adding support for key  
exchange, vital for enterprise users of SSH and Kerberos, it also adds  
a number of other GSSAPI related features:
    *) Cascading Credential Renewal - when enabled, credentials  
renewed on your local workstation are automatically forwarded to hosts  
which you have logged in to.
    *) Load balancer support - GSSAPI connections are now supported to  
hosts behind a round-robin DNS load balancer
    *) Multi-homed host support - GSSAPI connections can be performed  
to hosts where each interface has a unique name
    *) Identity selection - the client and server identity can be  
selected, increasing flexibility in complex authentication scenarios.

The latest version of the code is available from the git repository at

Patches can be downloaded from

The only changes in this release are those necessary for the patch to  
apply to the 5.7p1 tree.



More information about the Kerberos mailing list