I'm using a fresh install of the most recent build of RockyLinux 9
. I'm trying to disable GSSAPI for SSH based login, along with passwords and permit only public key based login. Setting GSSAPIAuthentication no
in sshd_conf
doesn't appear to actually disable it, based on the output from the ssh client prompt. Are there any other configuration parameters necessary?
$ grep -i gss /etc/ssh/sshd_config
# GSSAPI options
GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
#GSSAPIEnablek5users no
# service sshd restart
#on an another host
$ ssh [email protected]
[email protected]: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
What do you have in /etc/ssh/sshd_config.d? 50-redhat.conf seems to enable it and it is included early on. As far as I remember the first occurrence in sshd_config wins.
Following on the comment: please have a look at
Include
config directive for both ssh_config and sshd_config. It's been there since at least RHEL 8 for ssh_config and was introduced in RHEL 9 for sshd_config.