I think this should make it independent from my local config, right? Obviously there is also Kerberos involved, which I would call configured pretty standard in our environment, but I can have a look at that config as well, if this is desired.
The problem will not arise when:
- The client has no valid Kerberos-Key (unset KRB5CCNAME)
- If any of the the GSSAPI* options is missing on client or server
- If the order of "gssapi-with-mic,gssapi-keyex" is switched (!)
Hello Athos,
thanks for looking into this!
This is reproducible without Ansible, that was just use-case that brought up the issue. I've further narrowed it down to the following setup:
Server: ge=yes -o GSSAPIAuthentic ation=yes
/usr/sbin/sshd -d -p 2222 -f /dev/null -o GSSAPIKeyExchan
Client: tications= gssapi- with-mic, gssapi- keyex root@compute-test -v -p 2222 -o GSSAPIKeyExchan ge=yes -F /dev/null
ssh -o PreferredAuthen
I think this should make it independent from my local config, right? Obviously there is also Kerberos involved, which I would call configured pretty standard in our environment, but I can have a look at that config as well, if this is desired.
The problem will not arise when: with-mic, gssapi- keyex" is switched (!)
- The client has no valid Kerberos-Key (unset KRB5CCNAME)
- If any of the the GSSAPI* options is missing on client or server
- If the order of "gssapi-