I'm struggling to ssh between OS X & Linux using GSSAPI authentication.

OS X is 10.3.9, OpenSSH_3.6.1p1+CAN-2004-0175

Linux is Debian, OpenSSH_4.2p1

After some reading, I gather OS X ssh supports only the insecure "gssapi" method, & ssh 4.2p1 supports only the new "gssapi-with-mic" method - but I can ssh from Linux -> OS X using GSSAPI, only not OS X -> Linux.

Does this mean the ssh 4.2 client supports the insecure "gssapi" method, though the server does not?


linux% ssh -v osx
OpenSSH_4.2p1 Debian-5, OpenSSL 0.9.8a 11 Oct 2005
debug1: Reading configuration data /home/jablko/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to osx [192.168.179.9] port 22.
debug1: Connection established.
debug1: identity file /home/jablko/.ssh/identity type -1
debug1: identity file /home/jablko/.ssh/id_rsa type -1
debug1: identity file /home/jablko/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.6.1p1+CAN-2004-0175
debug1: match: OpenSSH_3.6.1p1+CAN-2004-0175 pat OpenSSH_3.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.2p1 Debian-5
debug1: Offering GSSAPI proposal: gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group1-sha1-A/vxljAEU54gt9a48EiANQ==
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: Calling gss_init_sec_context
debug1: Delegating credentials
debug1: Received GSSAPI_COMPLETE
debug1: Calling gss_init_sec_context
debug1: Delegating credentials
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: gssapi,publickey,password,keyboard-interactive
debug1: Next authentication method: gssapi
debug1: Delegating credentials
debug1: Delegating credentials
debug1: Authentication succeeded (gssapi).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
Welcome to Darwin!


[osx:~] jablko% ssh -v linux
OpenSSH_3.6.1p1+CAN-2004-0175, SSH protocols 1.5/2.0, OpenSSL 0x0090707f
debug1: Reading configuration data /etc/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: Connecting to linux [192.168.179.246] port 22.
debug1: Connection established.
debug1: identity file /home/jablko/.ssh/identity type -1
debug1: identity file /home/jablko/.ssh/id_rsa type -1
debug1: identity file /home/jablko/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.2p1 Debian-5
debug1: match: OpenSSH_4.2p1 Debian-5 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p1+CAN-2004-0175
debug1: Mechanism encoded as toWM5Slw5Ew8Mqkay+al2g==
debug1: Mechanism encoded as A/vxljAEU54gt9a48EiANQ==
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'linux' is known and matches the RSA host key.
debug1: Found key in /home/jablko/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyx,gssapi-with-mic,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/jablko/.ssh/identity
debug1: Trying private key: /home/jablko/.ssh/id_rsa
debug1: Trying private key: /home/jablko/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
Password:
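
Added example, not part of the original post: a small Python parser that summarizes the userauth lines of `ssh -v` output, listing which method names the server offered, which the client attempted, and which GSSAPI variants were offered but never tried. The sample input is constructed from the userauth lines of the two debug logs above; `summarize` and its dictionary keys are hypothetical names.

```python
import re

# Constructed sample input: userauth lines copied from the two "ssh -v" runs above.
LINUX_TO_OSX = """\
debug1: Authentications that can continue: gssapi,publickey,password,keyboard-interactive
debug1: Next authentication method: gssapi
debug1: Authentication succeeded (gssapi).
"""
OSX_TO_LINUX = """\
debug1: Authentications that can continue: publickey,gssapi-keyx,gssapi-with-mic,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Next authentication method: keyboard-interactive
"""

OFFERED = re.compile(r"^debug1: Authentications that can continue: (\S+)\s*$")
TRIED = re.compile(r"^debug1: Next authentication method: (\S+)\s*$")
SUCCEEDED = re.compile(r"^debug1: Authentication succeeded \(([^)]+)\)\.\s*$")


def summarize(log):
    """Return what the server offered, what the client tried, and the outcome."""
    offered, tried, succeeded = [], [], None
    for line in log.splitlines():
        if hit := OFFERED.match(line):
            # The server repeats this list after each failure; keep an ordered union.
            offered += [name for name in hit.group(1).split(",") if name not in offered]
        elif hit := TRIED.match(line):
            tried.append(hit.group(1))
        elif hit := SUCCEEDED.match(line):
            succeeded = hit.group(1)
    return {
        "offered": offered,
        "tried": tried,
        "succeeded": succeeded,
        # GSSAPI variants the server accepts that this client never attempted:
        # a non-empty list means the two sides share no GSSAPI method name.
        "gss_offered_not_tried": [
            name for name in offered
            if name.startswith("gssapi") and name not in tried
        ],
    }


if __name__ == "__main__":
    for label, log in (("linux -> osx", LINUX_TO_OSX), ("osx -> linux", OSX_TO_LINUX)):
        print(label, summarize(log))
```
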
