[Bug 60421] Re: Problem negotiation GSSAPI with Solaris 10 sshd

Mon Mar 12 08:22:58 UTC 2012

Thank you for reporting this bug to Ubuntu. The version of Ubuntu referenced in this issue has reached end of life, and the issue is fixed in newer versions of Ubuntu. Therefore, I am closing the Dapper task. 
Please see this document for currently supported Ubuntu releases:
https://wiki.ubuntu.com/Releases 

** Changed in: openssh (Ubuntu Dapper)
       Status: Incomplete => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/60421

Title:
  Problem negotiation GSSAPI with Solaris 10 sshd

Status in “openssh” package in Ubuntu:
  Fix Released
Status in “openssh” source package in Dapper:
  Invalid

Bug description:
  Binary package hint: openssh-client

  When trying to connect between a Dapper client and a Solaris 10 server
  using Kerberos 5 GSSAPI, negotation fails during gss_init_sec_context:

  $ ssh -v XXXX.mit.edu
  OpenSSH_4.2p1 Debian-7ubuntu3, OpenSSL 0.9.8a 11 Oct 2005
  debug1: Reading configuration data /home/sit/.ssh/config
  debug1: Applying options for *.mit.edu
  debug1: Applying options for *
  debug1: Reading configuration data /etc/ssh/ssh_config
  debug1: Applying options for *
  debug1: Connecting to XXXX.mit.edu [128.30.XXX.YYY] port 22.
  debug1: Connection established.
  debug1: identity file /home/sit/.ssh/identity type -1
  debug1: identity file /home/sit/.ssh/id_rsa type 1
  debug1: identity file /home/sit/.ssh/id_dsa type -1
  debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.1
  debug1: no match: Sun_SSH_1.1
  debug1: Enabling compatibility mode for protocol 2.0
  debug1: Local version string SSH-2.0-OpenSSH_4.2p1 Debian-7ubuntu3
  debug1: Offering GSSAPI proposal: gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group1-sha1-A/vxljAEU54gt9a48EiANQ==
  debug1: SSH2_MSG_KEXINIT sent
  debug1: SSH2_MSG_KEXINIT received
  debug1: kex: server->client aes128-cbc hmac-md5 none
  debug1: kex: client->server aes128-cbc hmac-md5 none
  debug1: Calling gss_init_sec_context
  debug1: Delegating credentials
  debug1: Received KEXGSS_HOSTKEY
  debug1: Calling gss_init_sec_context
  debug1: Delegating credentials
  debug1: A token was invalid
  No error

  gss_init_context failed

  This appears to be the same problem as described in http://thread.gmane.org/gmane.comp.encryption.kerberos.devel/3373
  http://thread.gmane.org/gmane.comp.encryption.kerberos.devel/3375

  The developer suggests that perhaps the problem is due to a bug in the
  OpenSSH patch and handling the HOSTKEY message; the messages in the
  thread suggest that the problem is fixed in a version of the patch by
  26 sep 2005.  However, the last mention of the patch in the dapper
  changelog is dated 14 sep 2005.  Perhaps pulling up the latest version
  of the patch will solve the problem.

  I haven't tested with edgy, any OpenSSH 4.3 builds, or ssh-krb5
  packages.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/60421/+subscriptions