Hello, I have Kerberos infrastructure set up and GSSAPI enabled in ssh_config/sshd_config of the SSH client/server (GSSAPIAuthentication yes). When I connect to the SSH server using verbose mode I see that SSH client uses 'gssapi-with-mic' mode to authenticate itself. Then if I additionally enable 'GSSAPIKeyExchange yes' setting the SSH client prefers the 'gssapi-keyex' method to authenticate itself.
The questions are what does happen under the hood of both of these methods (in simple terms, please)? And what is the essential difference? Also what kind of keys do they exchange when 'gssapi-keyex' auth method is in use? -- Best regards, Rufe ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
