[27586] in Source-Commits
ssh-client-config commit: Disable GSSAPIKeyExchange
daemon@ATHENA.MIT.EDU (Anders Kaseorg)
Tue Feb 4 00:45:20 2014
Date: Tue, 4 Feb 2014 00:45:09 -0500
From: Anders Kaseorg <andersk@MIT.EDU>
Message-Id: <201402040545.s145j9ZV006420@drugstore.mit.edu>
To: source-commits@MIT.EDU
https://github.com/mit-athena/ssh-client-config/commit/6775baec0cf9229c0707229a4d6b3e0968311076
commit 6775baec0cf9229c0707229a4d6b3e0968311076
Author: Anders Kaseorg <andersk@mit.edu>
Date: Sun Feb 2 20:01:40 2014 -0500
Disable GSSAPIKeyExchange
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
debian/changelog | 8 ++++++++
debian/transform_ssh_config.debathena | 2 --
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 3131d46..908836d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+debathena-ssh-client-config (1.7) UNRELEASED; urgency=medium
+
+ * Disable GSSAPIKeyExchange. Unfortunately, it seems to have security
+ problems with hostname canonicalization for which we currently have no
+ mitigation mechanism. (Trac: #1386)
+
+ -- Anders Kaseorg <andersk@mit.edu> Sun, 02 Feb 2014 19:58:05 -0500
+
debathena-ssh-client-config (1.6) unstable; urgency=low
[ Jonathan Reed ]
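Review bot: The 1.7 entry says "Disable GSSAPIKeyExchange", but the package change only stops writing "GSSAPIKeyExchange yes" into the transformed config, and the entry does not mention that GSSAPIAuthentication is still set to yes. Suggest wording it as "Stop enabling GSSAPIKeyExchange" (or noting that the option falls back to the client default) and adding that GSSAPIAuthentication remains enabled, so an admin reading the changelog knows exactly which behaviour changed. The rationale and the Trac reference also appear only here; the commit message has no body, so repeating "(Trac: #1386)" there would help anyone reading the git log.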
diff --git a/debian/transform_ssh_config.debathena b/debian/transform_ssh_config.debathena
index ebf0844..54cef53 100755
--- a/debian/transform_ssh_config.debathena
+++ b/debian/transform_ssh_config.debathena
@@ -1,5 +1,3 @@
#!/usr/bin/perl -0p
s/^\s*#?\s*GSSAPIAuthentication.*\n//mg;
s/$/\n GSSAPIAuthentication yes/ or die;
-s/^\s*#?\s*GSSAPIKeyExchange.*\n//mg;
-s/$/\n GSSAPIKeyExchange yes/ or die;
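Review bot: With both GSSAPIKeyExchange substitutions removed, the script no longer touches that option at all, so the outcome depends on the input ssh_config and the client's built-in default: an uncommented "GSSAPIKeyExchange yes" already present in the input would now pass through unchanged. Consider keeping the strip line "s/^\s*#?\s*GSSAPIKeyExchange.*\n//mg;" and appending "GSSAPIKeyExchange no" in the same way GSSAPIAuthentication is appended, so the package enforces the setting the commit title promises rather than relying on a default.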