How to generate additional debug messages for sshd gssapi failures?

John Marshall john.marshall at
Mon Sep 21 17:05:15 EST 2009

I'm trying to troubleshoot gssapi_with_mic authentication with OpenSSH
5.2p1 on FreeBSD 8.0.

If I run sshd with maximum debug "sshd -ddd" the most detail I get is:

     GSSAPI MIC check failed

That comes from line 282 in auth2-gss.c

    279         if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic))))
    280                 authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user));
    281         else
    282                 logit("GSSAPI MIC check failed");

I think that's as much help as I can get from sshd.  I'd like to add
some printf's to that else clause so that I can see the reason codes
returned by the gssapi routines.  I'm not a programmer.  Can anybody
give me any hints as to what to put here?

Is there any chance of enhancing the error reporting at that point in a
future release so that debug logging produces useful output?

Thank you for your help.

John Marshall
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
URL: <>

More information about the openssh-unix-dev mailing list