Extend GSSAPI configuration support to ssh_config

Previously, the ssh_gssapi_support variable only toggled the GSSAPI settings in sshd_config. Through this change, setting ssh_gssapi_support to true also enables support in ssh_config. It enables both authentication and credential delegation.
dev-sec · Feb 12, 2021 · 3344071 · 3344071
1 parent 70cd7bb
commit 3344071
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/roles/ssh_hardening/templates/openssh.conf.j2 b/roles/ssh_hardening/templates/openssh.conf.j2
@@ -104,8 +104,8 @@ RSAAuthentication yes
 PasswordAuthentication {{ 'yes' if ssh_client_password_login else 'no' }}
 
 # Only use GSSAPIAuthentication if implemented on the network.
-GSSAPIAuthentication no
-GSSAPIDelegateCredentials no
+GSSAPIAuthentication {{ 'yes' if ssh_gssapi_support else 'no' }}
+GSSAPIDelegateCredentials {{ 'yes' if ssh_gssapi_support else 'no' }}
 
 # Disable tunneling
 Tunnel no