JIRA Issue

[#XCI-358] gsissh should do STRICT_RFC2818 host verification by default

[XCI-358] gsissh should do STRICT_RFC2818 host verification by default Created: 03/19/2018  Updated: 12/11/2019

Status: In Progress
Project: XSEDE Cyberinfrastructure Integration
Component/s: Globus Toolkit GSISSH Client/Server
Fix Version/s: None

Type: Bug Priority: Normal
Reporter: Jim Basney Assignee: Jim Basney
Resolution: Unresolved Votes: 0

XSEDE Priority: -
Public activity link: https://software.xsede.org/display/xci-358
Use Cases:
CAN-04: Open a command shell on a login server (web browser)
Track status in meeting: no


Globus Toolkit was supposed to transition to STRICT_RFC2818 mode in 2016:


It appears to not have happened for GSI-OpenSSH. Specifically, GSSAPITrustDNS is defaulting to yes rather than no.



There are comments for XCI-358 that can be viewed with XSEDE authentication.