This patch is borrowed verbatim from Debian, where it is actively
maintained for each openssh update. It's also included in Fedora's
openssh package, in Arch linux as openssh-gssapi in the AUR, in MacOS
X, and presumably various other platforms and linux distros.
The main relevant parts of this patch:
- Adds several ssh_config options:
GSSAPIKeyExchange, GSSAPITrustDNS,
GSSAPIClientIdentity, GSSAPIServerIdentity
GSSAPIRenewalForcesRekey
- Optionally use an in-memory credentials cache api for security
My primary motivation for wanting the patch is the GSSAPIKeyExchange
and GSSAPITrustDNS features. My user ssh_config is shared across
several OSes, and it's a lot easier to manage if they all support the
same options.
67f4c2a779