Minor bug in ssh/sshd_config of openssh-server-3.9p1-8.0.4.legacy: # GSSAPI options #GSSAPIAuthentication no GSSAPIAuthentication yes #GSSAPICleanupCredentials yes GSSAPICleanupCredentials yes should surely be: #GSSAPIAuthentication no GSSAPIAuthentication yes #GSSAPICleanupCredentials no GSSAPICleanupCredentials yes (second last line needs a "no" to be consistent)
To be consistent with what? The commented options are the default values the openssh daemon uses if it doesn't find the item in the config file. Are you saying the openssh daemon sets GSSAPICleanupCredentials to no when the option is not present in the config file?
There is one line with comment, below one without - I guess for you to easily "switch" those two lines. The latest two lines however are the same (both yes). So either maybe we drop the duplicate lines or at least make the commented out pairs "the same" (one no, one yes). Or am I wrong?
They aren't there to be able to "switch" between them. From the top of the config file: # The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where # possible, but leave them commented. Uncommented options change a # default value. The option that's commented out tells us what the daemon's default value is if the config item is not present in the config file. The option that's active overrides the default value. In other words, GSSAPICleanupCredentials is set to "yes" by default. It is also set to "yes" by the uncommented line of the config file. GSSAPIAuthentication is set to "no" by default when the daemon starts up, but it's overridden to "yes" because of the uncommented line in the config file.