[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#409360: openssh-client: Disabling GSSAPIAuthentication option by default

On Fri, Feb 02, 2007 at 11:47:14AM -0800, Russ Allbery wrote:
> Gregory Colpart <reg@evolix.fr> writes:
> 
> > Package: openssh-client
> > Version: 1:4.3p2-8
> > Severity: wishlist
> 
> > Connections with GSSAPIAuthentication option on non-kerberos SSH servers
> > are very slow (3 or 4 seconds on local servers).
> 
> This should only be if your DNS or Kerberos configuration is broken. If
> you have no Kerberos configuration, it will fail extremely quickly.

After some tests, I understand that the problem is when
GSSAPIAuthentication option enabled AND Avahi daemon started
(it's case of an Etch "out of the box" for example) AND no
reverse record for IP address of SSH server.

With "GSSAPIAuthentication yes", I see reverse DNS query for the
IP address of SSH server after I start "ssh server", and with
Avahi daemon, connection lags during 3 or 4 seconds before to
continue (during mDNS PTR queries).

Regards,
-- 
Gregory Colpart <reg@evolix.fr>  GnuPG:1024D/C1027A0E
Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Reply to: