Closed
Bug 868241
Opened 11 years ago
Closed 11 years ago
Disable GSSAPI in ssh
Categories
(Release Engineering :: General, defect)
Release Engineering
General
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: catlee, Assigned: rail)
References
Details
Attachments
(1 file, 1 obsolete file)
1.36 KB,
patch
|
dustin
:
review+
rail
:
checked-in+
|
Details | Diff | Splinter Review |
One (small) reason why our command queues back up is that it takes about one second for the GSSAPI negotiation to fail when ssh'ing from the master to stage. GSSAPI is globally enabled in /etc/ssh/ssh_config. We should probably remove it from there, or override it in ~/.ssh/config GSSAPIAuthentication=no
Assignee | ||
Comment 1•11 years ago
|
||
Is there any reason we want to have GSSAPIAuthentication=yes?
Reporter | ||
Comment 2•11 years ago
|
||
Not that I know of.
Comment 3•11 years ago
|
||
Opsec folks, I think this is fine, but let us know if it's not?
Comment 4•11 years ago
|
||
Nothing that I know of from OPsec requires GSS nor depends on it. Personally, I'm all for disabling anything that we're not explicately using, just on principle. Go for it. :-)
Assignee | ||
Comment 5•11 years ago
|
||
Comment 6•11 years ago
|
||
Comment on attachment 745216 [details] [diff] [review] kill GSSAPI Review of attachment 745216 [details] [diff] [review]: ----------------------------------------------------------------- These should probably be explicit "no" instead of just removing them (even if the default is 'no', explicit is better than implicit)
Attachment #745216 -
Flags: review?(dustin) → review-
Assignee | ||
Comment 7•11 years ago
|
||
Attachment #745216 -
Attachment is obsolete: true
Attachment #745222 -
Flags: review?(dustin)
Updated•11 years ago
|
Attachment #745222 -
Flags: review?(dustin) → review+
Assignee | ||
Comment 8•11 years ago
|
||
Comment on attachment 745222 [details] [diff] [review] kill GSSAPI https://hg.mozilla.org/build/puppet/rev/c356f4f8f697
Attachment #745222 -
Flags: checked-in+
Assignee | ||
Updated•11 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Updated•11 years ago
|
Product: mozilla.org → Release Engineering
Updated•6 years ago
|
Component: General Automation → General
You need to log in
before you can comment on or make changes to this bug.
Description
•