Skip to content Skip to navigation

JIRA Issue

[#XCI-358] gsissh should do STRICT_RFC2818 host verification by default

[XCI-358] gsissh should do STRICT_RFC2818 host verification by default Created: 03/19/2018  Updated: 08/07/2018

Status: In Progress
Project: XSEDE Cyberinfrastructure Integration
Component/s: Globus Toolkit GSISSH Client/Server
Fix Version/s: None

Type: Bug Priority: Major
Reporter: Jim Basney Assignee: Jim Basney
Resolution: Unresolved Votes: 0

XSEDE Priority: -
Public activity link: https://software.xsede.org/display/xci-358
Use Cases:
CAN-04: Interactive Login
Track status in meeting: no

 Description   

Globus Toolkit was supposed to transition to STRICT_RFC2818 mode in 2016:

https://docs.globus.org/security-bulletins/2015-12-strict-mode/

It appears to not have happened for GSI-OpenSSH. Specifically, GSSAPITrustDNS is defaulting to yes rather than no.

Tasks:



 Comments   

There are comments for XCI-358 that can be viewed with XSEDE authentication.