GSSAPI Key Exchange Patch

Damien Miller djm at
Fri Nov 16 19:25:04 EST 2007

On Thu, 15 Nov 2007, petesea at wrote:

> Will Simon Wilkinson's GSSAPI Key Exchange patch ever be incorporated into 
> the OpenSSH source?

As far as I know, none of the current core OpenSSH developers are in
favour of adding it.

> I'm sure I'm not the only one that uses it and would like to see it become 
> part of the OpenSSH source.  Is there something missing or is there some 
> technical/philosophical reason for not including it?

Yes - we are very scared of adding features that lead to more
pre-authentication attack surface, especially when they delegate to
complex libraries with patchy security histories.


More information about the openssh-unix-dev mailing list