Inconsistent server/client configuration

Markus Friedl markus at
Thu Oct 25 00:03:17 EST 2001

your mail is missing many details, but i assume you are talking
about hostbased authentication.

On Wed, Oct 24, 2001 at 10:51:57AM +0200, Hans Werner Strube wrote:
> It appears somewhat inconsistent to me that parameter HostKey is configurable
> on the server side but fixed on the client side.
> On the client, always _PATH_HOST_KEY_FILE, _PATH_HOST_DSA_KEY_FILE,
> _PATH_HOST_RSA_KEY_FILE are used (in this order), whereas on the server,
> the paths can be specified by up to three HostKey options as arbitrary names
> in arbitrary sequence.

because the client is setuid root. you don't want to make
ssh read every private key on the system.

the client _could_ get the hostkey pathnames from sshd_config, 
but then you have to hardcode another filename.


More information about the openssh-unix-dev mailing list