On Mon, 7 Mar 2011, Nico Kadel-Garcia wrote:
Have you backported OpenSSH 5.x to CentOS 5? Because I don't see the full features set without OpenSSH 5.x, such as "GSSApiKeyExchange".
Nope, I like the simple life.
Hmm. What you've described is an ssh_config option, which is set to "no" by default. I'll have to look into that. There have been some interesting..... traction issues with using the backported OpenSSH 5.x I'm currently reliant on for CentOS 5 and RHEL 5.
I'm stock 5.5:
openssh-server-4.3p2-41.el5_5.1 openssh-4.3p2-41.el5_5.1 openssh-clients-4.3p2-41.el5_5.1
Server needs:
GSSAPIAuthentication yes GSSAPICleanupCredentials yes
Most probably you also want:
AllowGroups blah
Client needs:
GSSAPIAuthentication yes
If you want key forwarding, you also need:
GSSAPIDelegateCredentials yes
Works like a charm, and GSSAPI auth works with putty, delegation doesn't seem to.
jh