Sudden change in ssh behavior.
akonstam at trinity.edu
akonstam at trinity.edu
Tue Nov 22 22:01:05 UTC 2005
On Tue, Nov 22, 2005 at 11:25:51AM -0600, J. K. Cliburn wrote:
> On 11/22/05, akonstam at trinity.edu <akonstam at trinity.edu> wrote:
> > Suddenly ssh-ing to any of our machines causes the following error.
> > /etc/ssh/ssh_config line 40: Unsupported option "GSSAPIAuthentication"
> > Anyone know what that means?
>
> For some reason, GSSAPIAuthentication is set to "yes" in the default
> ssh_config file distributed with FC4. This causes the client to issue
> a DNS query looking for _kerberos.<FQDN> every time you execute the
> ssh command. I found this one evening when my ISP service was dead,
> but I still wanted to ssh into another machine on my home network.
> There was a mysterious delay in the login that was revealed when I ran
> a packet capture on the client. The delay was due to the absence of a
> DNS server for the _kerberos.<FQDN> lookup (because my ISP was dead).
> I set GSSAPIAuthentication to "no" and the delay disappeared. Unless
> you're actually using GSSAPI authentication, you should be able to
> safely set the flag to "no" in your /etc/ssh_config file.
>
> This still doesn't explain why you suddenly started getting the error, though.
That makes sense , so I changed GSSAPIAuthentication to no, then
restarted sshd for goo measure. The error remains, but it is only ssh-ing
from our server so something must have changed on the server.
--
=======================================================================
Drawing on my fine command of language, I said nothing.
-------------------------------------------
Aaron Konstam
Computer Science
Trinity University
telephone: (210)-999-7484
More information about the fedora-list
mailing list