Inconsistent server/client configuration

Markus Friedl markus at openbsd.org
Thu Oct 25 00:55:47 EST 2001


On Wed, Oct 24, 2001 at 04:41:02PM +0200, Hans Werner Strube wrote:
> I do not quite understand. I thought that each host would usually have the
> same host key(s), regardless of whether acting as server or client. The default
> setting for the client is _PATH_HOST_KEY_FILE, _PATH_HOST_DSA_KEY_FILE and
> _PATH_HOST_RSA_KEY_FILE and for the server _PATH_HOST_KEY_FILE and
> _PATH_HOST_DSA_KEY_FILE only; but the server's file names can be configured.
> Why should ssh then "read every private key on the system"?
> Why do I "have to hardcode another filename"?

ssh(1) needs _PATH_HOST_RSA_KEY_FILE for hostbased authentication.

if we add HostKey to .ssh/config a user can do this:

	% cat > .ssh/config << EOF
	Host myhost
		HostKey /root/.ssh/id_rsa
		PreferredAuthentications hostbased
	EOF
	% ssh myhost

and sign data using the key of user root.

we could force ssh(1) to read sshd_config and check where the hostkey
is, but how does ssh(1) know where sshd_config is?
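
The privilege problem described in the message above, as an added sketch that is not part of the original post and is not OpenSSH code: a privileged client that takes its host key path from per-user configuration opens whatever file the user names, while one that uses only compiled-in paths does not. The `/etc/ssh/...` values, `struct user_options` and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Assumed values: the real _PATH_HOST_*_KEY_FILE macros depend on the build. */
#define PATH_HOST_KEY_FILE     "/etc/ssh/ssh_host_key"
#define PATH_HOST_DSA_KEY_FILE "/etc/ssh/ssh_host_dsa_key"
#define PATH_HOST_RSA_KEY_FILE "/etc/ssh/ssh_host_rsa_key"

static const char *const compiled_in_keys[] = {
    PATH_HOST_KEY_FILE, PATH_HOST_DSA_KEY_FILE, PATH_HOST_RSA_KEY_FILE,
};
#define NKEYS (sizeof(compiled_in_keys) / sizeof(compiled_in_keys[0]))

/* Hypothetical result of parsing a user's ~/.ssh/config. */
struct user_options {
    const char *hostkey;    /* proposed per-user HostKey value, NULL if unset */
};

/* Exact match only: no prefix or directory test that "../" could slip past. */
int is_compiled_in_key(const char *path)
{
    size_t i;
    for (i = 0; i < NKEYS; i++)
        if (strcmp(path, compiled_in_keys[i]) == 0)
            return 1;
    return 0;
}

/* Hardcoded behaviour: user configuration has no influence on the key files. */
size_t keys_compiled_in(const struct user_options *o, const char **out, size_t max)
{
    size_t i, n = 0;
    (void)o;    /* deliberately ignored */
    for (i = 0; i < NKEYS && n < max; i++)
        out[n++] = compiled_in_keys[i];
    return n;
}

/* Hypothetical behaviour if HostKey were honoured in .ssh/config: the path
 * chosen by the unprivileged user is what the privileged client would open. */
size_t keys_if_hostkey_honoured(const struct user_options *o, const char **out, size_t max)
{
    if (o->hostkey != NULL && max > 0) {
        out[0] = o->hostkey;
        return 1;
    }
    return keys_compiled_in(o, out, max);
}
```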


