Package: openssh-client
Version: 1:6.6p1-2
Severity: normal
Right now wildcarad host '*' takes precedence over all other
declarations:
host *
GSSAPIDelegateCredentials no
host foo
GSSAPIKeyExchange yes
GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes
% ssh foo klist
klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_UID)
1) I believe it's wrong behaviour and narrow declarations should have
higher precedence.
2) Default configuration (/etc/ssh/ssh_config) sets
"GSSAPIDelegateCredentials" to "no" for "host *" so non-privileged
users has no ability to switch it on for specific host, except for
all host. And this is security issue.
--
sergio.
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
Archive:
https://lists.debian.org/[email protected]
