Closed Bug 1588364 Opened 6 years ago Closed 6 years ago

Why observatory discourages gssapi-with-mic for ssh?

Categories

(Websites :: Other, enhancement)

Product:
Websites
Component:
Other
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INCOMPLETE

People

(Reporter: dpa-mozilla, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0 Safari/605.1.15 Epiphany/605.1.15

Steps to reproduce:

https://observatory.mozilla.org/analyze/mail.aegee.org#ssh recommends removing the authenticatin method gssapi-with-mic . and the explanation is supposed to be at https://infosec.mozilla.org/guidelines/openssh . But the latter link does not explain why gssapi-with-mic is bad.

Expected results:

https://infosec.mozilla.org/guidelines/openssh should say why gssapi-with-mic is bad authentication mechanism, or https://observatory.mozilla.org/analyze/mail.aegee.org#ssh should not recommend removal of that mechanism.

Please file an issue at https://github.com/mozilla/http-observatory-website/issues Thank you.

Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.