EnableSSHKeysign
Markus Friedl
markus at openbsd.org
Tue Oct 7 17:51:09 EST 2003
yes, it's intentional. ssh-keysign
does not know the target host.
EnableSSHKeysign is intended to protect
the private host key.
perhaps this should be better documented...
On Mon, Oct 06, 2003 at 09:59:26PM -0700, Tim Rice wrote:
>
> It looks like host based authentication will not work if you
> attempt to set EnableSSHKeysign on a per host basis.
>
> Ie. This does not work.
> -------
> Host ou8
> HostName ou8.somedomain.com
> HostbasedAuthentication yes
> EnableSSHKeysign yes
> NoHostAuthenticationForLocalhost yes
> -------
>
> Unless you also add
> -----
> Host *
> EnableSSHKeysign yes
> -----
>
> Is this the intended behavior?
>
> --
> Tim Rice Multitalents (707) 887-1469
> tim at multitalents.net
>
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
More information about the openssh-unix-dev
mailing list