Bug in Sam's OpenSSH patches?

Henry B. Hotz hotz at jpl.nasa.gov
Wed Apr 13 13:23:35 EDT 2005

"Me too!"  (TM)  ;-)

The only patches of yours I could Google were the ones for OpenSSH 3.6.  
  If you've something newer/better I'd love to have it.

On Apr 13, 2005, at 7:19 AM, Jeffrey Altman wrote:

> Please share.
> Jeffrey Altman

I freely admit I don't understand all the debugging printout leading up  
to the UserAuth stuff.  However I can say that Sam's package *did*  
connect with the Solaris sshd without the famous question even though  
there was no entry in the known_hosts file.  Is that another bug, or is  
it just less complete than yours?

> Simon Wilkinson wrote:
>> Henry B. Hotz wrote:
>>> I D/L'd and built on MacOS 10.3.  Tried client against Solaris 10
>>> server.
>>> It works without any keys in the known_hosts file, but it uses
>>> gssapi-with-mic for the userauth method instead of gssapi-keyex.
>> Sam's Debian package appears to contain an older version of my patches
>> for doing key exchange with OpenSSH. These patches don't support
>> gssapi-keyex. The new gssapi-keyex method is a fairly recently
>> replacement for the flawed external-keyex user auth mechanism.
>> I do have patches to implement both gssapi-keyex, and the new GSSAPI
>> Diffie Hellman group exchange mechanisms, which I'd be happy to give
>> to those who want.
>> Cheers,
>> Simon.
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu

More information about the krbdev mailing list