Inconsistent server/client configuration

Hans Werner Strube strube at physik3.gwdg.de
Thu Oct 25 01:10:43 EST 2001


> On Wed, Oct 24, 2001 at 04:41:02PM +0200, Hans Werner Strube wrote:
> > I do not quite understand. I thought that each host would usually have the
> > same host key(s), regardless of whether acting as server or client. The default
> > setting for the client is _PATH_HOST_KEY_FILE, _PATH_HOST_DSA_KEY_FILE and
> > _PATH_HOST_RSA_KEY_FILE and for the server _PATH_HOST_KEY_FILE and
> > _PATH_HOST_DSA_KEY_FILE only; but the server's file names can be configured.
> > Why should ssh then "read every private key on the system"?
> > Why do I "have to hardcode another filename"?
> 
> ssh(1) needs _PATH_HOST_RSA_KEY_FILE for hostbased authentication.
> 
> if we add HostKey to .ssh/config a user can do this:
> 
> 	% cat > .ssh/config << EOF
> 	Host myhost
> 		HostKey /root/.ssh/id_rsa
> 		PreferredAuthentications hostbased
> 	EOF
> 	% ssh myhost
> 
> and sign data using the key of user root.

Thank you, now I see your point. But then the configurability of the
server hostkey files seems to be rather superfluous, since they are
usually the same as for an ssh client on this same machine.
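
The exchange above, modelled as an added example (not part of the original messages and not OpenSSH code): which key file a privileged ssh would sign with if a client-side HostKey option existed, compared with the hardcoded paths. The /etc/ssh paths, the parser and the function names are assumptions for illustration, as is the premise that ssh runs with enough privilege to read root's files.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Assumed stand-ins for the compiled-in _PATH_HOST_*_KEY_FILE values. */
static const char *const fixed_keys[] = { "/etc/ssh/ssh_host_key",
    "/etc/ssh/ssh_host_dsa_key", "/etc/ssh/ssh_host_rsa_key" };

/* Constructed input: the per-user config quoted in the message above. */
const char sample_cfg[] =
    "Host myhost\n"
    "\tHostKey /root/.ssh/id_rsa\n"
    "\tPreferredAuthentications hostbased\n";

/* Hypothetical parser: HostKey value inside the "Host <host>" block.
 * Exact host match only, no patterns. Returns 1 and fills out if found. */
int user_hostkey(const char *cfg, const char *host, char *out, size_t len) {
    char line[256], kw[32], val[200];
    int in_block = 0;
    while (*cfg) {
        size_t n = strcspn(cfg, "\n");
        snprintf(line, sizeof(line), "%.*s", (int)n, cfg);
        cfg += n + (cfg[n] == '\n');
        if (sscanf(line, "%31s %199s", kw, val) != 2)
            continue;
        if (strcasecmp(kw, "Host") == 0) {
            in_block = strcmp(val, host) == 0;
        } else if (in_block && strcasecmp(kw, "HostKey") == 0) {
            snprintf(out, len, "%s", val);
            return 1;
        }
    }
    return 0;
}

/* Key file a privileged ssh would sign with. honour_user = 1 models the
 * proposed client-side HostKey option, 0 the hardcoded paths. */
const char *signing_key(const char *cfg, const char *host, int honour_user,
                        char *buf, size_t len) {
    if (honour_user && user_hostkey(cfg, host, buf, len))
        return buf;        /* user-chosen file, read with root's rights */
    return fixed_keys[2];  /* the host's own RSA key */
}

int main(void) {
    char b[200];
    printf("configurable: %s\n", signing_key(sample_cfg, "myhost", 1, b, sizeof b));
    printf("hardcoded:    %s\n", signing_key(sample_cfg, "myhost", 0, b, sizeof b));
    return 0;
}
```

With the hardcoded policy the user's config has no influence on which private key is read, which is the reason given in the quoted reply for not making the path configurable on the client side.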




More information about the openssh-unix-dev mailing list