Bug#1003244: openssh-client: ssh_config manpage has conflicting information about Debian-specific changes to defaults
Package: openssh-client
Version: 1:8.4p1-5
Severity: normal
X-Debbugs-Cc: peter@7bits.nl
Dear Maintainer,
* What led up to the situation?
After upgrading to Debian 11, using ssh to connect to one of my machines took a very long time.
The time is spent in:
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available (default cache: FILE:/tmp/krb5cc_1000)
This happens twice and takes a total of around 100 seconds. The first few tries I figured my VM had
half-died because ssh just sat there.
After a while I figured out disabling GSSAPIAuthentication helped. But the manpage is confusing.
ssh_config(5) says:
GSSAPIAuthentication
Specifies whether user authentication based on GSSAPI is allowed. The default is no.
it also says:
Note that the Debian openssh-client package sets several options as standard in
/etc/ssh/ssh_config which are not the default in ssh(1):
o Include /etc/ssh/ssh_config.d/*.conf
o SendEnv LANG LC_*
o HashKnownHosts yes
o GSSAPIAuthentication yes
but I usually search manpages, not read them end to end. So, the bit about Debian defaults being different is very hard to miss. Perhaps the sections on those four options could grow a few words repeating the changes that Debian did.
-- System Information:
Debian Release: 11.2
APT prefers stable-security
APT policy: (500, 'stable-security'), (500, 'stable-debug'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.10.0-10-amd64 (SMP w/12 CPU threads)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages openssh-client depends on:
ii adduser 3.118
ii dpkg 1.20.9
ii libc6 2.31-13+deb11u2
ii libedit2 3.1-20191231-2+b1
ii libfido2-1 1.6.0-2
ii libgssapi-krb5-2 1.18.3-6+deb11u1
ii libselinux1 3.1-3
ii libssl1.1 1.1.1k-1+deb11u1
ii passwd 1:4.8.1-1
ii zlib1g 1:1.2.11.dfsg-2
Versions of packages openssh-client recommends:
ii xauth 1:1.1-1
Versions of packages openssh-client suggests:
pn keychain <none>
pn libpam-ssh <none>
pn monkeysphere <none>
pn ssh-askpass <none>
-- Configuration Files:
/etc/ssh/ssh_config changed:
Include /etc/ssh/ssh_config.d/*.conf
Host *
SendEnv LANG LC_*
HashKnownHosts yes
GSSAPIAuthentication no
-- no debconf information
Reply to: