Inconsistent server/client configuration
Hans Werner Strube
strube at physik3.gwdg.de
Thu Oct 25 00:41:02 EST 2001
> your mail is missing many details, but i assume you are talking
> about hostbased authentication.
>
> On Wed, Oct 24, 2001 at 10:51:57AM +0200, Hans Werner Strube wrote:
> > It appears somewhat inconsistent to me that parameter HostKey is configurable
> > on the server side but fixed on the client side.
> > On the client, always _PATH_HOST_KEY_FILE, _PATH_HOST_DSA_KEY_FILE,
> > _PATH_HOST_RSA_KEY_FILE are used (in this order), whereas on the server,
> > the paths can be specified by up to three HostKey options as arbitrary names
> > in arbitrary sequence.
>
> because the client is setuid root. you don't want to make
> ssh read every private key on the system.
>
> the client _could_ get the hostkey pathnames from sshd_config,
> but then you have to hardcode another filename.
I do not quite understand. I thought that each host would usually have the
same host key(s), regardless whether acting as server or client. The default
setting for the client is _PATH_HOST_KEY_FILE, _PATH_HOST_DSA_KEY_FILE and
_PATH_HOST_RSA_KEY_FILE and for the server _PATH_HOST_KEY_FILE and
_PATH_HOST_DSA_KEY_FILE only; but the server's file names can be configured.
Why should ssh then "read every private key on the system"?
Why do I "have to hardcode another filename"?
More information about the openssh-unix-dev
mailing list