Closed Bug 868241 Opened 11 years ago Closed 11 years ago

Disable GSSAPI in ssh

Categories

(Release Engineering :: General, defect)

Product:
Release Engineering
Component:
General
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: catlee, Assigned: rail)

References

Details

Attachments

(1 file, 1 obsolete file)

kill GSSAPI
1.36 KB, patch
dustin
: review+
rail
: checked-in+
Details | Diff | Splinter Review 
One (small) reason why our command queues back up is that it takes about one second for the GSSAPI negotiation to fail when ssh'ing from the master to stage.

GSSAPI is globally enabled in /etc/ssh/ssh_config. We should probably remove it from there, or override it in ~/.ssh/config

GSSAPIAuthentication=no
Is there any reason we want to have GSSAPIAuthentication=yes?
Not that I know of.
Opsec folks, I think this is fine, but let us know if it's not?
Nothing that I know of from OPsec requires GSS nor depends on it.

Personally, I'm all for disabling anything that we're not explicately using, just on principle.

Go for it.  :-)
Attached patch kill GSSAPI (obsolete) — Splinter Review 
Assignee: nobody → rail
Status: NEW → ASSIGNED

        Attachment #745216 -
        Flags: review?(dustin)

    
    

    
  
Comment on attachment 745216 [details] [diff] [review]
kill GSSAPI

Review of attachment 745216 [details] [diff] [review]:
-----------------------------------------------------------------

These should probably be explicit "no" instead of just removing them (even if the default is 'no', explicit is better than implicit)

        Attachment #745216 -
        Flags: review?(dustin) → review-

    
    

    
  

      
      
      
      

        Attached patch
          
          
        kill GSSAPISplinter Review
      

    


  

        Attachment #745216 -
        Attachment is obsolete: true

        Attachment #745222 -
        Flags: review?(dustin)

        Attachment #745222 -
        Flags: review?(dustin) → review+

    
  
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Product: mozilla.org → Release Engineering
Component: General Automation → General

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: