The man page ssh_config.5 specifies the default setting for PreferredAuthentications as: "gssapi-with-mic, hostbased, publickey, keyboard-interactive, password" with a space after each comma. But when I set PreferredAuthentications in ssh_config as follows: PreferredAuthentications "gssapi-keyex, gssapi-with-mic, publickey, hostbased, password" with a space after each comma, ssh fails to process authentication methods beyond the first one in the list. It will however work as expected if the spaces are removed. Either the man page or code (match_list()?) needs to be fixed. Below is the debug log of the failure: debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive debug3: preferred gssapi-keyex, gssapi-with-mic, publickey, hostbased, password debug3: authmethod_lookup gssapi-keyex debug3: remaining preferred: gssapi-with-mic, publickey, hostbased, password debug3: authmethod_is_enabled gssapi-keyex debug1: Next authentication method: gssapi-keyex debug1: No valid Key exchange context debug2: we did not send a packet, disable method debug1: No more authentication methods to try. Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive).
This is a problem with the man page formatting. I'll attach a patch.
Created attachment 1823 [details] /tmp/ssh-preferredauth-man.patch Format default value of PreferredAuthentication to match reality.
Patch has been applied and will be in 5.5p1. Thanks for the report.
Mass move of bugs RESOLVED->CLOSED following the release of openssh-5.5p1