Bug in Sam's OpenSSH patches?

Henry B. Hotz hotz at jpl.nasa.gov
Wed Apr 13 17:48:34 EDT 2005

Thanks, Simon!  I'm sure I'm not the only one happy to get the latest  

And Nico, I appreciate you're confirming my read of the debug printout.  
  I *was* happy!  ;-))  I did get a connection all the way through  
without any questions.  Just confused because it didn't happen the way  
I expected.

On Apr 13, 2005, at 1:47 PM, Simon Wilkinson wrote:

> I've finally got around to producing a patch set for 4.0p1. This both  
> contains support for key-exchange, and adds support for the  
> gssapi-keyex userauth mechanism (which avoids the double  
> authentication steps that started this entire discussion!)
> http://www.sxw.org.uk/computing/patches/openssh-4.0p1-gssapikex.patch
> I've also uploaded the backwards compatibility patch that I posted to  
> the OpenSSH list a while back - this adds an option to enable the old  
> 'gssapi' mechanism, which is vulnerable to a MITM attack under certain  
> circumstances. This is at
> http://www.sxw.org.uk/computing/patches/openssh-3.8p1-gssapimitm.patch
> Cheers,
> Simon.
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu

More information about the krbdev mailing list