Translated message

A translation of this page exists in English.

openssh 7.4 にアップデートすると、GSSAPIStrictAcceptorCheck のデフォルトが no に戻るため、Kerberos を設定している一部の環境で認証に失敗する

Solution Verified - Updated -


  • アップデートしてからチケットを転送すると、gssapi を行う際に openssh-7.4 接続が終了します。クライアントをデバッグすると、以下のエラーが出力されます。
    # ssh -v
    debug1: Enabling compatibility mode for protocol 2.0^M
    debug1: Local version string SSH-2.0-OpenSSH_7.4^M
    debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4^M
    debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000^M
    debug1: Authenticating to as 'root'^M
    debug1: Offering GSSAPI proposal: gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-gex-sha1-eipGX3TCiQSrx573bT1o1Q==,gss-group1-sha1-eipGX3TCiQSrx573bT1o1Q==,gss-group14-sha1-eipGX3TCiQSrx573bT1o1Q==^M
    debug1: SSH2_MSG_KEXINIT sent^M
    debug1: SSH2_MSG_KEXINIT received^M
    debug1: kex: algorithm: gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==^M
    debug1: kex: host key algorithm: ecdsa-sha2-nistp256^M
    debug1: kex: server->client cipher: MAC: <implicit> compression: none^M
    debug1: kex: client->server cipher: MAC: <implicit> compression: none^M
    debug1: kex: gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g== need=64 dh_need=64^M
    debug1: kex: gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g== need=64 dh_need=64^M
    debug1: Doing group exchange
    debug1: Calling gss_init_sec_context^M
    debug1: Delegating credentials^M
    ssh_packet_read: Connection closed^M


  • Red Hat Enterprise Linux 7
    • openssh-server-7.4p1-12.el7.x86_64

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content