Connections over private network, Simon's GSSAPI patch

Carson Gaspar carson at
Wed Feb 5 04:21:48 EST 2003

Stop shooting yourself in the foot. Run 2 sshd instances, one on the public 
interface, one on the private interface, and make sure they know their 
correct host names.

The only other sane option I can think of is to add an option to ssh and/or 
sshd that lets you select which client and/or server kerberos principal(s) 
to use explicitly, instead of automagically determining them. And that's a 
lot more work. And belongs in the GSSAPI code. Something like:

ssh -oClientPrincipal=carson.admin at 
-oServerPrincipal=host/server.private at

or (in sshd.conf):
ServerPrincipal=host/server.private at

If your're feeling really studly, have the sshd option take a list of 


More information about the openssh-unix-dev mailing list