[36591] in Kerberos
gssapi-with-mic vs gssapi-keyex SSH authentication difference?
daemon@ATHENA.MIT.EDU (Rufe Glick)
Fri Oct 31 13:39:02 2014
Date: Fri, 31 Oct 2014 13:38:35 -0400
From: Rufe Glick <rufe.glick@gmail.com>
Message-ID: <464331345.20141031133835@gmail.com>
To: Kerberos Mailing List <kerberos@mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hello,
I have Kerberos infrastructure set up and GSSAPI enabled in ssh_config/sshd_config of the SSH client/server (GSSAPIAuthentication yes). When I connect to the SSH server using verbose mode I see that SSH client uses 'gssapi-with-mic' mode to authenticate itself. Then if I additionally enable 'GSSAPIKeyExchange yes' setting the SSH client prefers the 'gssapi-keyex' method to authenticate itself.
The questions are what does happen under the hood of both of these methods (in simple terms, please)? And what is the essential difference? Also what kind of keys do they exchange when 'gssapi-keyex' auth method is in use?
--
Best regards,
Rufe
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos