Opened 6 years ago

Closed 5 years ago

#56331 closed defect (fixed)

openssh: Connection with gssapi kex fails at rekey (all the time)

Reported by: habazut
Owned by: Ionic (Mihai Moldovan)
Priority: Normal
Milestone:
Component: ports
Version:
Keywords: haspatch
Cc:
Port: openssh

Description

When using openssh with +gssapi:

As the gssapi key exchange patch for openssh is incomplete, any rekey attempt will fail, typically after 1GB of transferred data. Either apply the supplied patch after the gssapi patch or integrate it into the gssapi patch. This bug has been present in other distros, for example Debian-based ones.

This bug is present in all openssh versions after the ext-info feature was introduced, for example 7.4, 7.6, ...

Regards, Harald.
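Waiting for 1GB of traffic is a slow way to confirm whether a build still has this bug. The script below is an added example, not part of the ticket, the attached patch, or the MacPorts port: it uses the stock OpenSSH RekeyLimit option to force a rekey after 512K, and then checks a saved `ssh -vv` log for a second completed key exchange. It assumes a +gssapi client that accepts the GSSAPIKeyExchange option from the gsskex patchset; the host name `gsshost`, the address 192.0.2.10 and the two debug logs are constructed placeholders for illustration.

```shell
#!/bin/sh
# Added example: force an early rekey on a GSSAPI-kex session and judge the
# outcome from the client debug log. Not the ticket's patch or MacPorts code.

# Build the ssh command line. RekeyLimit=512K is a stock OpenSSH option; the
# remote dd pushes ~4 MB through the channel so several rekeys are attempted.
# GSSAPIKeyExchange comes from the gsskex patch (assumption: +gssapi build).
rekey_test_cmd() {
    host="$1"
    printf '%s\n' "ssh -vv -o GSSAPIAuthentication=yes -o GSSAPIKeyExchange=yes \
  -o RekeyLimit=512K $host 'dd if=/dev/zero bs=1M count=4 2>/dev/null' \
  >/dev/null 2>rekey.log"
}

# Every key exchange, initial or rekey, ends with NEWKEYS in both directions.
# A healthy run of the command above therefore logs NEWKEYS received twice or more.
count_newkeys_received() {
    grep -c 'SSH2_MSG_NEWKEYS received' "$1" || true
}

# A second KEXINIT without a matching second NEWKEYS means the rekey started
# and never completed, which is exactly the failure the ticket describes.
count_kexinit_received() {
    grep -c 'SSH2_MSG_KEXINIT received' "$1" || true
}

rekey_verdict() {
    newkeys=$(count_newkeys_received "$1")
    kexinit=$(count_kexinit_received "$1")
    if [ "$newkeys" -ge 2 ]; then
        echo ok
    elif [ "$kexinit" -ge 2 ]; then
        echo FAIL
    else
        echo no-rekey-attempted
    fi
}

# Constructed sample logs (not real captures): one session where the rekey
# completed, and one where the connection died right after the second KEXINIT.
sample_good_log() {
    cat <<'EOF'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: SSH2_MSG_NEWKEYS sent
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey out after 512 blocks
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: SSH2_MSG_NEWKEYS sent
debug1: SSH2_MSG_NEWKEYS received
EOF
}

sample_bad_log() {
    cat <<'EOF'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: SSH2_MSG_NEWKEYS sent
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey out after 512 blocks
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
Connection closed by 192.0.2.10 port 22
EOF
}

# Stand-alone run: print the command you would run, then grade both samples.
rekey_test_cmd gsshost
good=$(mktemp); bad=$(mktemp)
sample_good_log >"$good"; sample_bad_log >"$bad"
echo "good sample: $(rekey_verdict "$good")"
echo "bad sample:  $(rekey_verdict "$bad")"
rm -f "$good" "$bad"
```

Run the printed command against a server that advertises a gss-* kex method, then `rekey_verdict rekey.log`; a client with the incomplete patch reports FAIL because the connection drops during the second exchange rather than after 1GB.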

Attachments (1)

kex-rekey-issue.macports.patch (818 bytes) - added by habazut 6 years ago.


Change History (6)

Changed 6 years ago by habazut

comment:1 Changed 6 years ago by ryandesign (Ryan Carsten Schmidt)

Summary: Connection with gssapi kex fails at rekey (all the time) → openssh: Connection with gssapi kex fails at rekey (all the time)

comment:2 Changed 6 years ago by pmetzger (Perry E. Metzger)

  1. It sounds like you should be submitting this patch upstream?
  2. Can you submit a pull request on GitHub for this issue? It will result in a patch being committed far faster.

comment:3 Changed 6 years ago by pmetzger (Perry E. Metzger)

habazut: ping?

comment:4 Changed 5 years ago by Ionic (Mihai Moldovan)

Owner: set to Ionic
Status: new → accepted

comment:5 Changed 5 years ago by Mihai Moldovan <ionic@…>

Resolution: fixed
Status: accepted → closed

In 715635bdfb881e287a52e23b298e379a4e9c03ac/macports-ports (master):

net/{openssh,ssh-copy-id}: update to 8.1p1.

Fixes: #56331
Fixes: #57025
Fixes: #58047
Fixes: #59009
Fixes: #59016

Changes:

  • Rebase patches.
  • Update to newer HPN patchset version. Based upon the 8.0p1 version 14.18 patch. Add a rebased OpenSSL-1.1-compat patch.
  • Switch to new ObjC-based Keychain integration as provided by Apple. Might fail on older platforms. If it does, we will need to bring back the old C-based implementation as an alternative for these.
  • Made the keychain integration and launchd startup patch a default one based upon request (and to be consistent with Apple's shipped OpenSSH version).
  • Portfile cleanup, don't define compile constants from outside - have autotools do that correctly.
  • Clarify where some of the patches come from - and especially for the gsskex patch that it is NOT a single patch taken from one location and rebased against the current OpenSSH version.
  • Renamed (now used) -m/-M options to -A/-K for the keychain integration.