Antonio Larrosa
d7201bdb47
client and a DoS attack against OpenSSH's client and server (bsc#1237040, CVE-2025-26465, bsc#1237041, CVE-2025-26466): * fix-CVE-2025-26465-and-CVE-2025-26466.patch OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=282
19 lines
528 B
Plaintext
19 lines
528 B
Plaintext
This version of the Kerbros/GSSAPI support avoids DNS lookups
|
|
for Kerberos-related names. These DNS lookups were problematic
|
|
for dialup users because they would lead to excessive delays
|
|
if DNS was not reachable.
|
|
|
|
If you do use Kerberos, please make sure you edit the server and
|
|
client configuration files as follows:
|
|
|
|
/etc/ssh/sshd_config:
|
|
|
|
GSSAPIAuthentication yes
|
|
GSSAPICleanupCredentials yes
|
|
|
|
/etc/ssh/ssh_config:
|
|
Host *
|
|
... lots of other options ...
|
|
GSSAPIAuthentication yes
|
|
GSSAPIDelegateCredentials yes
|