ssh and the latest Sol9 patches - Solaris

This is a discussion on ssh and the latest Sol9 patches - Solaris ; After installing the latest ssh/sshd patches on a Sol9 system I now see the following error when using ssh $ ssh zoe unable to initialize mechanism library [/usr/lib/gss/gl/mech_krb5.so] unable to initialize mechanism library [/usr/lib/gss/gl/mech_krb5.so] Enter passphrase for key '/home/zzassgl/.ssh/id_rsa': .... ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: ssh and the latest Sol9 patches

  1. ssh and the latest Sol9 patches

    After installing the latest ssh/sshd patches on a Sol9 system I now see the
    following error when using ssh

    $ ssh zoe
    unable to initialize mechanism library [/usr/lib/gss/gl/mech_krb5.so]
    unable to initialize mechanism library [/usr/lib/gss/gl/mech_krb5.so]
    Enter passphrase for key '/home/zzassgl/.ssh/id_rsa':
    ....

    and

    $ ssh wells
    unable to initialize mechanism library [/usr/lib/gss/gl/mech_krb5.so]
    xmalloc: zero size

    depending whether or not the remote machine permits access.

    Anybody know a fix or do I need to patchrm these recent patches?

    Thanks,

    --
    Geoff Lane, Airstrip One

    Today's Excuse: Party-bug in the Aloha protocol.

  2. Re: ssh and the latest Sol9 patches

    Geoff,

    I had the same problem on the only S9 box running the bundled ssh. It
    too broke after the patch. I installed Openssh and Openssl from
    SunFreeware.com to prove the patch broke the original. It worked fine
    so I pkgrm the bundled versions.

    Actually, all of our machines run Openssh / ssl to keep current with
    security patches. This was the only machine that was different.

    Ron Halstead

    Geoff Lane wrote:
    > After installing the latest ssh/sshd patches on a Sol9 system I now see the
    > following error when using ssh
    >
    > $ ssh zoe
    > unable to initialize mechanism library [/usr/lib/gss/gl/mech_krb5.so]
    > unable to initialize mechanism library [/usr/lib/gss/gl/mech_krb5.so]
    > Enter passphrase for key '/home/zzassgl/.ssh/id_rsa':
    > ...
    >
    > and
    >
    > $ ssh wells
    > unable to initialize mechanism library [/usr/lib/gss/gl/mech_krb5.so]
    > xmalloc: zero size
    >
    > depending whether or not the remote machine permits access.
    >
    > Anybody know a fix or do I need to patchrm these recent patches?
    >
    > Thanks,
    >
    > --
    > Geoff Lane, Airstrip One
    >
    > Today's Excuse: Party-bug in the Aloha protocol.



  3. Re: ssh and the latest Sol9 patches

    Ron wrote:
    > Geoff,
    >
    > I had the same problem on the only S9 box running the bundled ssh. It
    > too broke after the patch. I installed Openssh and Openssl from
    > SunFreeware.com to prove the patch broke the original. It worked fine
    > so I pkgrm the bundled versions.
    >
    > Actually, all of our machines run Openssh / ssl to keep current with
    > security patches. This was the only machine that was different.
    >
    > Ron Halstead
    >
    > Geoff Lane wrote:
    >> After installing the latest ssh/sshd patches on a Sol9 system I now see the
    >> following error when using ssh
    >>
    >> $ ssh zoe
    >> unable to initialize mechanism library [/usr/lib/gss/gl/mech_krb5.so]
    >> unable to initialize mechanism library [/usr/lib/gss/gl/mech_krb5.so]
    >> Enter passphrase for key '/home/zzassgl/.ssh/id_rsa':
    >> ...
    >>
    >> and
    >>
    >> $ ssh wells
    >> unable to initialize mechanism library [/usr/lib/gss/gl/mech_krb5.so]
    >> xmalloc: zero size
    >>
    >> depending whether or not the remote machine permits access.
    >>
    >> Anybody know a fix or do I need to patchrm these recent patches?


    Sun have accepted the problem as a bug and are working on a fix. It
    appears they made some invalid assuptions about the current ssh/kerberous
    config on most peoples systems. The work-around is to add the following...

    To /etc/ssh/ssh_config...

    GSSAPIAuthentication=no
    GSSAPIKeyExchange=no
    StrictHostKeyChecking no


    To /etc/ssh/sshd_config...

    GSSAPIAuthentication=no
    GSSAPIKeyExchange=no

    Then restart sshd.

    --
    Geoff Lane, Airstrip One

    See that slate, That's your keyboard that is.

+ Reply to Thread