vishalmishra434 / rpms / openssh

Forked from rpms/openssh a month ago
Clone
Source Code
GIT

Blame openssh-7.1p1-gssapi-documentation.patch

c10s-sig-hyperscale c10s-sig-hyperscale-2 c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c8s-sig-hyperscale c9 c9-beta c9s-sig-hyperscale
  1.   4e7cdec7efb7767244f61a93ca3b110547436837
  2.   openssh-7.1p1-gssapi-documentation.patch
Blob History Raw
Jakub Jelen 6cf9b8 
diff -up openssh-7.4p1/ssh_config.5.gss-docs openssh-7.4p1/ssh_config.5
Jakub Jelen 6cf9b8 
--- openssh-7.4p1/ssh_config.5.gss-docs	2016-12-23 14:28:34.051714486 +0100
Jakub Jelen 6cf9b8 
+++ openssh-7.4p1/ssh_config.5	2016-12-23 14:34:24.568522417 +0100
Jakub Jelen 6cf9b8 
@@ -765,10 +765,19 @@ The default is
Jakub Jelen d9d957 
 If set to
Jakub Jelen d9d957 
 .Dq yes
Jakub Jelen d9d957 
 then renewal of the client's GSSAPI credentials will force the rekeying of the
Jakub Jelen d9d957 
-ssh connection. With a compatible server, this can delegate the renewed
Jakub Jelen d9d957 
+ssh connection. With a compatible server, this will delegate the renewed
Jakub Jelen d9d957 
 credentials to a session on the server.
Jakub Jelen d9d957 
+.Pp
Jakub Jelen d9d957 
+Checks are made to ensure that credentials are only propagated when the new
Jakub Jelen d9d957 
+credentials match the old ones on the originating client and where the
Jakub Jelen d9d957 
+receiving server still has the old set in its cache.
Jakub Jelen d9d957 
+.Pp
Jakub Jelen d9d957 
 The default is
Jakub Jelen d9d957 
 .Dq no .
Jakub Jelen d9d957 
+.Pp
Jakub Jelen d9d957 
+For this to work
Jakub Jelen d9d957 
+.Cm GSSAPIKeyExchange
Jakub Jelen d9d957 
+needs to be enabled in the server and also used by the client.
Jakub Jelen 6cf9b8 
 .It Cm GSSAPIServerIdentity
Jakub Jelen 6cf9b8 
 If set, specifies the GSSAPI server identity that ssh should expect when
Jakub Jelen 6cf9b8 
 connecting to the server. The default is unset, which means that the
Jakub Jelen 6cf9b8 
@@ -776,9 +785,11 @@ expected GSSAPI server identity will be
Jakub Jelen 6cf9b8 
 hostname.
Jakub Jelen d9d957 
 .It Cm GSSAPITrustDns
Jakub Jelen d9d957 
 Set to
Jakub Jelen d9d957 
-.Dq yes to indicate that the DNS is trusted to securely canonicalize
Jakub Jelen d9d957 
+.Dq yes
Jakub Jelen d9d957 
+to indicate that the DNS is trusted to securely canonicalize
Jakub Jelen d9d957 
 the name of the host being connected to. If
Jakub Jelen d9d957 
-.Dq no, the hostname entered on the
Jakub Jelen d9d957 
+.Dq no ,
Jakub Jelen d9d957 
+the hostname entered on the
Jakub Jelen d9d957 
 command line will be passed untouched to the GSSAPI library.
Jakub Jelen d9d957 
 The default is
Jakub Jelen d9d957 
 .Dq no .
Jakub Jelen 6cf9b8 
diff -up openssh-7.4p1/sshd_config.5.gss-docs openssh-7.4p1/sshd_config.5
Jakub Jelen 6cf9b8 
--- openssh-7.4p1/sshd_config.5.gss-docs	2016-12-23 14:28:34.043714490 +0100
Jakub Jelen 6cf9b8 
+++ openssh-7.4p1/sshd_config.5	2016-12-23 14:28:34.051714486 +0100
Jakub Jelen 6cf9b8 
@@ -652,6 +652,10 @@ Controls whether the user's GSSAPI crede
Jakub Jelen d9d957 
 successful connection rekeying. This option can be used to accepted renewed
Jakub Jelen d9d957 
 or updated credentials from a compatible client. The default is
Jakub Jelen d9d957 
 .Dq no .
Jakub Jelen d9d957 
+.Pp
Jakub Jelen d9d957 
+For this to work
Jakub Jelen d9d957 
+.Cm GSSAPIKeyExchange
Jakub Jelen d9d957 
+needs to be enabled in the server and also used by the client.
Jakub Jelen d9d957 
 .It Cm HostbasedAcceptedKeyTypes
Jakub Jelen d9d957 
 Specifies the key types that will be accepted for hostbased authentication
Jakub Jelen d9d957 
 as a comma-separated pattern list.

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation