1

I'm using a fresh install of the most recent build of RockyLinux 9. I'm trying to disable GSSAPI for SSH based login, along with passwords and permit only public key based login. Setting GSSAPIAuthentication no in sshd_conf doesn't appear to actually disable it, based on the output from the ssh client prompt. Are there any other configuration parameters necessary?

$ grep -i gss /etc/ssh/sshd_config
# GSSAPI options
GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
#GSSAPIEnablek5users no

# service sshd restart

#on an another host
$ ssh test@1.2.3.4
test@1.2.3.4: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
David
  • 588
  • 2
  • 6
  • 14
  • What do you have in /etc/ssh/sshd_config.d? 50-redhat.conf seems to enable it and it is included early on. As far as I remember the first occurence in sshd_config wins. – Tomek Apr 22 '23 at 13:47
  • I haven't used a redhat based system in some time this must be a new thing. But setting `GSSAPIAuthentication no` in `50-redhat.conf` fixed the problem. If you put this in an answer I'll accept it. Thanks. – David Apr 22 '23 at 15:55

1 Answers1

2

What do you have in /etc/ssh/sshd_config.d? 50-redhat.conf seems to enable it and it is included early on. As far as I remember the first occurrence in sshd_config wins.

Following on the comment: please have a look at Include config directive for both ssh_config and sshd_config. It's been there since at least RHEL 8 for ssh_config and was introduced in RHEL 9 for sshd_config.

Tomek
  • 3,390
  • 1
  • 16
  • 10