Inconsistent server/client configuration
Markus Friedl
markus at openbsd.org
Thu Oct 25 00:55:47 EST 2001
On Wed, Oct 24, 2001 at 04:41:02PM +0200, Hans Werner Strube wrote:
> I do not quite understand. I thought that each host would usually have the
> same host key(s), regardless whether acting as server or client. The default
> setting for the client is _PATH_HOST_KEY_FILE, _PATH_HOST_DSA_KEY_FILE and
> _PATH_HOST_RSA_KEY_FILE and for the server _PATH_HOST_KEY_FILE and
> _PATH_HOST_DSA_KEY_FILE only; but the server's file names can be configured.
> Why should ssh then "read every private key on the system"?
> Why do I "have to hardcode another filename"?
ssh(1) needs _PATH_HOST_RSA_KEY_FILE for hostbased authentication.
if we add HostKey to .ssh/config a user can do this:

% cat > .ssh/config << EOF
Host myhost
HostKey /root/.ssh/id_rsa
PreferredAuthentications hostbased
EOF
% ssh myhost

and sign data using the key of user root.
we could force ssh(1) to read sshd_config and check where the hostkey
is, but how does ssh(1) know where sshd_config is?
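
The rule the message above argues for, as an added example (not OpenSSH source and not part of the original post): a privileged client reads host keys only from built-in paths and refuses a HostKey line in a per-user config. The path values, function names and sample config are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Placeholder values standing in for the compile-time _PATH_HOST_KEY_FILE,
 * _PATH_HOST_DSA_KEY_FILE and _PATH_HOST_RSA_KEY_FILE macros (assumed). */
static const char *const fixed_hostkeys[] = {
    "/etc/ssh/ssh_host_key",
    "/etc/ssh/ssh_host_dsa_key",
    "/etc/ssh/ssh_host_rsa_key",
};

/* Constructed sample: the per-user config from the message. */
static const char sample_user_config[] =
    "Host myhost\nHostKey /root/.ssh/id_rsa\nPreferredAuthentications hostbased\n";

/* Allow a privileged read only when the path is byte-for-byte a built-in
 * name; user-influenced paths are never normalised into acceptance. */
int is_fixed_hostkey(const char *path)
{
    size_t i;
    for (i = 0; i < sizeof(fixed_hostkeys) / sizeof(fixed_hostkeys[0]); i++)
        if (strcmp(path, fixed_hostkeys[i]) == 0)
            return 1;
    return 0;
}

/* Hypothetical scanner: counts lines in a per-user config that try to set
 * HostKey. Longer keywords such as HostKeyAlias are not matched. */
int count_refused_directives(const char *config)
{
    int refused = 0;
    const char *p = config;
    while (*p != '\0') {
        size_t len = strcspn(p, "\n");            /* length of this line */
        const char *kw = p + strspn(p, " \t");    /* skip leading blanks */
        size_t klen = len - (size_t)(kw - p);
        if (klen > 7 && strncasecmp(kw, "HostKey", 7) == 0 &&
            (kw[7] == ' ' || kw[7] == '\t' || kw[7] == '='))
            refused++;
        p += len;
        if (*p == '\n')
            p++;
    }
    return refused;
}

int main(void)
{
    printf("refused directives: %d\n", count_refused_directives(sample_user_config));
    printf("/root/.ssh/id_rsa allowed: %d\n", is_fixed_hostkey("/root/.ssh/id_rsa"));
    return 0;
}
```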