[Gt-eos] Possible security concern with gsissh
Basney, Jim
jbasney at illinois.edu
Tue Apr 10 19:17:30 CEST 2018
Dave,
Thanks for raising this issue. I believe it’s due to the GssapiTrustDns setting still defaulting to yes. We should change the default to no.
-Jim
> On Apr 10, 2018, at 12:01 PM, Dave Dykstra <dwd at fnal.gov> wrote:
>
> I just noticed on a host that we use gsi-openssh-server that the host
> certificate does not include a SAN of the public DNS alias of the
> machine (i.e. oasis-login-itb.opensciencegrid.org). Isn't that a
> security concern? Normally clients are supposed to verify that.
>
> Dave
> _______________________________________________
> Gt-eos mailing list
> Gt-eos at mailman.egi.eu
> http://mailman.egi.eu/mailman/listinfo/gt-eos
More information about the Gt-eos
mailing list