apparent ssh_config fascism

Phillip Brown P.Brown at
Sat Nov 16 03:59:24 EST 2002

It appears that /etc/ssh/ssh_config enforces policy on local users in
addition to its documented role as provider of defaults.

$ ssh -V
OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f

$ cat .ssh/config
Host localhost
   HostbasedAuthentication yes
   PreferredAuthentications hostbased

$ ssh localhost
Hostbased authentication not enabled in /etc/ssh/ssh_config
ssh_keysign: no reply
key_sign failed
Permission denied (publickey,password,keyboard-interactive,hostbased).

The situation is rectified by enabling Hostbased authentication in
/etc/ssh/ssh_config (as the error message suggests), but this must be
done by the systems administrator.  Why is the setting in .ssh/config not
sufficient?  Is this behaviour a bug or a feature?

BTW these experiences are with the RPM for Red Hat 7.3

More information about the openssh-unix-dev mailing list