4

I need to use the GSSAPITrustDns option to connect to a round robin service using Kerberos authentication. This works correctly using OpenSSH 5.3 and 6.6.1p1 on a selection of machines. I have an Arch linux machine that has OpenSSH 6.7 and my ~/.ssh/config is common between all these systems. Under OpenSSH 6.7 I get the following error on any usage of ssh:

~/.ssh/config: line 91: Bad configuration option: gssapitrustdns
~/.ssh/config: terminating, 1 bad configuration options

This prevents ssh from doing anything on that machine until I manually remove those lines. Of course that means Kerberos authentication doesn't work on that machine. I can't seem to find anything about this issue so I'm asking here before looking into it closer.

Morphit
  • 226
  • 1
  • 7
  • Unfortunately I have the exact same problem. did you find a solution in the end? – Mike H-R Nov 13 '14 at 13:45
  • There's a package in the AUR that has the GSSAPI patches applied to OpenSSH-6.2p2-2: https://aur.archlinux.org/packages/openssh-gssapikeyexchange/. I haven't tested it since I don't have physical access to the machine very often and I'm loathe to try replacing ssh via ssh. – Morphit Nov 14 '14 at 14:51
  • Hahaha, yeah, that sounds like it could be dangerous. Unfortunately I'm not on arch (I am at home but this is a work-computer issue) so was wondering if you'd found any other non-package-manager specific workarounds. Thanks anyways. – Mike H-R Nov 14 '14 at 14:55
  • You should complain to your packager that they should apply the appropriate patch :) ref: https://sources.debian.net/patches/openssh/1:7.5p1-5/ (or is it already fixed in newer versions?) – rogerdpack Sep 27 '17 at 17:47

0 Answers0