Auth via Multiple Publickeys, Using Multiple Sources, One Key per Source

Peter Stuge peter at
Thu Jun 4 04:07:03 AEST 2020

mailto428496 wrote:
> > Couldn't you use hostbased authentication for client machines and
> > publickey for users?
> That had occurred to me, but in our case users sometimes connect from 
> shared systems that are outside of our direct control and we would like 
> to control pubkey client access on a per user basis rather than per machine.

Hostbased authentication can use per-user host keys.

Or maybe I don't understand your point?

Hostbased auth can consider both system-wide (on server) public host keys
(for client hosts) as well as per-user (on server) public host keys
(for client hosts).

In addition to hostbased, publickey authentication then requires the
user to also authenticate themselves to the server, as usual.

Now, I don't think there is a hook for host public keys like there is
for user public keys, but maybe you can use it anyway?


More information about the openssh-unix-dev mailing list