user's configuration file
.Pq Pa ~/.ssh/config
.It
+GSSAPI configuration file
+.Pq Pa $HOME/.ssh/config.gssapi
+.It
+Kerberos configuration file
+.Pq Pa $HOME/.ssh/config.krb
+.It
system-wide configuration file
.Pq Pa /etc/ssh/ssh_config
.El
.It Cm GSSAPIAuthentication
Specifies whether user authentication based on GSSAPI is allowed.
The default is
-.Dq no .
+.Dq yes .
Note that this option applies to protocol version 2 only.
.It Cm GSSAPIKeyExchange
Specifies whether key exchange based on GSSAPI may be used. When using
GSSAPI key exchange the server need not have a host key.
The default is
-.Dq no .
+.Dq yes .
Note that this option applies to protocol version 2 only.
.It Cm GSSAPIClientIdentity
If set, specifies the GSSAPI client identity that ssh should use when
.It Cm GSSAPIDelegateCredentials
Forward (delegate) credentials to the server.
The default is
-.Dq no .
+.Dq yes .
Note that this option applies to protocol version 2 connections using GSSAPI.
.It Cm GSSAPIRenewalForcesRekey
If set to
ssh connection. With a compatible server, this can delegate the renewed
credentials to a session on the server.
The default is
-.Dq no .
+.Dq yes .
.It Cm GSSAPITrustDns
Set to
.Dq yes to indicate that the DNS is trusted to securely canonicalize
.Dq no, the hostname entered on the
command line will be passed untouched to the GSSAPI library.
The default is
-.Dq no .
+.Dq yes .
This option only applies to protocol version 2 connections using GSSAPI.
.It Cm HashKnownHosts
Indicates that
over another method (e.g.\&
.Cm password )
The default for this option is:
-.Do gssapi-with-mic ,
+.Do gssapi-keyex ,
+external-keyx,
+gssapi-with-mic,
hostbased,
publickey,
keyboard-interactive,