[oi-dev] OpenSSH 7.2 GSSAPIAuthentication=no broken?
Gordon Ross
gordon.w.ross at gmail.com
Sat Jan 13 17:08:26 UTC 2018
I have a perplexing bug here, I think. (Or maybe a mis-configuration?)
I set GSSAPIAuthentication=no in .ssh/config but I still see my
ssh client trying to do GSAPI stuff, which times out in DNS.
I want this to work without requiring reverse DNS.
Actually, "getent hosts IPADDR" works, because the IP is
in etc/inet/hosts but as you see below, gssapi calls the DNS
resolver library directly (grumble) instead of getnameinfo
or whatever that would use nsswitch...
Anyone know why with GSSAPIAuthentication=no
I'm still seeing attempts to use gssapi?
Here's the stack while the ssh client is stuck
waiting for the resolver to time out...
24572: ssh -vvv oi-test
fea53385 pollsys (8043214, 1, 80431a8, 0)
fe9e50b6 poll (8043214, 1, 1388, 0) + 66
fef4e0e1 send_dg (8143b50, 80439c0, 25, 81a4bbc, 10000, 8043948) + 391
fef4ea68 res_nsend (8143b50, 80439c0, 25, 81a4bbc, 10000, 400) + 595
fef4cbb2 res_nquery (8143b50, 8043e1f, 1, 1, 81a4bbc, 10000) + 14d
fef4ce90 res_nquerydomain (8143b50, 8140bb5, 8143bb0, 1, 1, 81a4bbc) + 131
fef4d088 res_nsearch (8143b50, 8140bb5, 1, 1, 81a4bbc, 10000) + 1ed
fef22c05 ho_byname2 (8160890, 8140bb5, 2, fef4479a, 0, ffffffff) + 216
fef25e79 ho_byname2 (81608bc, 8140bb5, 2, 401, 0, fefc35c2) + 75
fef29132 gethostbyname2_p (8140bb5, 2, 815f7e0, fef29188, feac2804, 0) + 123
fef2936d res_getipnodebyname (8140bb5, 2, 0, 8045088) + 20d
fe8fd75d krb5_sname_to_principal (81416a0, 8140bb5, 8140bb0, 3,
8045608, 40) + 94
fe8960da krb5_gss_import_name (813f59c, 812b8f8, 812b908, 80456b8) + 12e
fe89780c k5glue_import_name (0, 813f59c, 812b8f8, 812b908, 80456b8,
fec998d6) + 24
fec8a1d2 __gss_import_internal_name (813f59c, 812b8e8, 812fae8,
80456b8, 0, 812fae8) + 52
fec85c3f gss_init_sec_context (813f59c, 0, 813f5a0, 812fae8, 812b8e8, 22) + be
080ac1b3 ssh_gssapi_check_mechanism (0, 81406a8, 812b838, 0) + 1ef
080ac349 ssh_gssapi_client_mechanisms (812b838, 8107fdf, 82, 0,
feac2804, 0) + 105
08078779 ssh_kex2 (812b818, 812b040, 16, fea53d35, 812b818, 812b040) + 2c5
08073869 ssh_login (8128f90, 812b648, 812b040, 16, 812c428) + a5
08065bf0 main (804797c, feacf2c8, 80479b0, 806331b, 3, 80479bc) + 19c0
0806331b _start (3, 8047ae8, 8047aec, 8047af1, 0, 8047af9) + 83
24479: ssh oi-test
fea53385 pollsys (80456e0, 2, 0, 0)
fe9ea249 pselect (9, 812b818, 812b7f8, feacbfe0, 0, 0) + 232
fe9ea54b select (9, 812b818, 812b7f8, 0, 0, 0) + 8e
0807138f client_loop (1, 7e, 0, 8140e20, 0, 0) + 51f
08065f92 main (804797c, feacf2c8, 80479b8, 806331b, 2, 80479c4) + 1d62
0806331b _start (2, 8047aec, 8047af0, 0, 8047af8, 8047b0f) + 83
More information about the oi-dev
mailing list