I have a perplexing bug here, I think. (Or maybe a mis-configuration?) I set GSSAPIAuthentication=no in .ssh/config but I still see my ssh client trying to do GSAPI stuff, which times out in DNS. I want this to work without requiring reverse DNS. Actually, "getent hosts IPADDR" works, because the IP is in etc/inet/hosts but as you see below, gssapi calls the DNS resolver library directly (grumble) instead of getnameinfo or whatever that would use nsswitch...
Anyone know why with GSSAPIAuthentication=no I'm still seeing attempts to use gssapi? Here's the stack while the ssh client is stuck waiting for the resolver to time out... 24572: ssh -vvv oi-test fea53385 pollsys (8043214, 1, 80431a8, 0) fe9e50b6 poll (8043214, 1, 1388, 0) + 66 fef4e0e1 send_dg (8143b50, 80439c0, 25, 81a4bbc, 10000, 8043948) + 391 fef4ea68 res_nsend (8143b50, 80439c0, 25, 81a4bbc, 10000, 400) + 595 fef4cbb2 res_nquery (8143b50, 8043e1f, 1, 1, 81a4bbc, 10000) + 14d fef4ce90 res_nquerydomain (8143b50, 8140bb5, 8143bb0, 1, 1, 81a4bbc) + 131 fef4d088 res_nsearch (8143b50, 8140bb5, 1, 1, 81a4bbc, 10000) + 1ed fef22c05 ho_byname2 (8160890, 8140bb5, 2, fef4479a, 0, ffffffff) + 216 fef25e79 ho_byname2 (81608bc, 8140bb5, 2, 401, 0, fefc35c2) + 75 fef29132 gethostbyname2_p (8140bb5, 2, 815f7e0, fef29188, feac2804, 0) + 123 fef2936d res_getipnodebyname (8140bb5, 2, 0, 8045088) + 20d fe8fd75d krb5_sname_to_principal (81416a0, 8140bb5, 8140bb0, 3, 8045608, 40) + 94 fe8960da krb5_gss_import_name (813f59c, 812b8f8, 812b908, 80456b8) + 12e fe89780c k5glue_import_name (0, 813f59c, 812b8f8, 812b908, 80456b8, fec998d6) + 24 fec8a1d2 __gss_import_internal_name (813f59c, 812b8e8, 812fae8, 80456b8, 0, 812fae8) + 52 fec85c3f gss_init_sec_context (813f59c, 0, 813f5a0, 812fae8, 812b8e8, 22) + be 080ac1b3 ssh_gssapi_check_mechanism (0, 81406a8, 812b838, 0) + 1ef 080ac349 ssh_gssapi_client_mechanisms (812b838, 8107fdf, 82, 0, feac2804, 0) + 105 08078779 ssh_kex2 (812b818, 812b040, 16, fea53d35, 812b818, 812b040) + 2c5 08073869 ssh_login (8128f90, 812b648, 812b040, 16, 812c428) + a5 08065bf0 main (804797c, feacf2c8, 80479b0, 806331b, 3, 80479bc) + 19c0 0806331b _start (3, 8047ae8, 8047aec, 8047af1, 0, 8047af9) + 83 24479: ssh oi-test fea53385 pollsys (80456e0, 2, 0, 0) fe9ea249 pselect (9, 812b818, 812b7f8, feacbfe0, 0, 0) + 232 fe9ea54b select (9, 812b818, 812b7f8, 0, 0, 0) + 8e 0807138f client_loop (1, 7e, 0, 8140e20, 0, 0) + 51f 08065f92 main (804797c, feacf2c8, 80479b8, 806331b, 2, 80479c4) + 1d62 0806331b _start (2, 8047aec, 8047af0, 0, 8047af8, 8047b0f) + 83 _______________________________________________ oi-dev mailing list [email protected] https://openindiana.org/mailman/listinfo/oi-dev
