Hello Athos,
thanks for looking into this!
This is reproducible without Ansible, that was just use-case that
brought up the issue. I've further narrowed it down to the following
setup:
Server:
/usr/sbin/sshd -d -p 2222 -f /dev/null -o GSSAPIKeyExchange=yes -o
GSSAPIAuthentication=yes
Client:
ssh -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex root@compute-test
-v -p 2222 -o GSSAPIKeyExchange=yes -F /dev/null
I think this should make it independent from my local config, right?
Obviously there is also Kerberos involved, which I would call configured
pretty standard in our environment, but I can have a look at that config
as well, if this is desired.
The problem will not arise when:
- The client has no valid Kerberos-Key (unset KRB5CCNAME)
- If any of the the GSSAPI* options is missing on client or server
- If the order of "gssapi-with-mic,gssapi-keyex" is switched (!)
** Changed in: openssh (Ubuntu)
Status: Incomplete => New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1938144
Title:
monitor_read: unpermitted request 48 on server while attempting GSSAPI
key exchange
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1938144/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
