Help wanted with GSSAPI in OpenSSH
Andreas Schneider
asn at cryptomilk.org
Sat Dec 13 06:23:01 AEDT 2025
On Thursday, 11 December 2025 01.23.45 Central European Standard Time Damien
Miller wrote:
> Hi,
Hi Damien,
> This is a request for assistance in maintaining the GSSAPI code in
> OpenSSH.
>
> None of the maintainers have much experience with GSSAPI and none of
> us use it in our usual use of OpenSSH. We don’t have *any* testing of
> GSSAPI features in our unit test suite, let alone fuzzer coverage.
At libssh we have a test environment based on https://cwrap.org/; we run
openssh sshd to test against it. We also run a MIT Kerberos KDC for GSSAPI
testing.
None of this requires any privileges. You just need the wrappers installed,
including the krb5-server package, and to run 'make test'.
The magic happens here:
https://gitlab.com/libssh/libssh-mirror/-/blob/master/tests/torture.c?ref_type=heads#L1329
Best regards
Andreas