How to specify chost (client hostname) used for hostbased authentication?
Gert Doering
gert at greenie.muc.de
Fri Sep 5 19:59:22 AEST 2025
Hi,
On Fri, Sep 05, 2025 at 11:45:33AM +0200, Jan Schermer wrote:
> I am not that familiar with HostbasedAuthentication, or rather how it was/is actually used and what the background is.
> To me, the whole thing with SSHKeySign looks like the server could actually SSH back to the client('s server), have the server sign/verify it (sort of out-of-band) and then accept/reject the original authentication, not sure if something like that is behind this design or not but that's why my thoughts went for verifying the hostname by forward DNS lookup...
The server will never SSH back. There is a suid binary on the client
(ssh-keysign) which will take the client's hostkeys and sign a challenge
with them. It needs to be suid because a normal user's ssh has no
access to the client's private host keys.
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany gert at greenie.muc.de
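Added example, not part of Gert's mail: the minimal configuration on each side for the flow he describes, where the client's system-wide ssh_config lets ssh call the suid ssh-keysign helper and the server checks the client's host key under the name it resolves for the connecting address. The names client.example.net / server.example.net and the key line are placeholders.

```sshconfig
# --- on the CLIENT: /etc/ssh/ssh_config (system-wide file; EnableSSHKeysign
#     is only honoured here, and belongs outside any Host block)
EnableSSHKeysign yes            # lets ssh run the suid ssh-keysign helper

Host server.example.net         # placeholder server name
    HostbasedAuthentication yes

# --- on the SERVER: /etc/ssh/sshd_config
HostbasedAuthentication yes
IgnoreRhosts yes                # ignore per-user ~/.rhosts and ~/.shosts;
                                # /etc/ssh/shosts.equiv still applies
IgnoreUserKnownHosts yes        # only /etc/ssh/ssh_known_hosts is consulted
# HostbasedUsesNameFromPacketOnly no (the default): the chost sent by the
# client must match the reverse DNS of the connecting address; "yes" skips
# that check and trusts the name in the packet.

# --- on the SERVER: /etc/ssh/ssh_known_hosts
# the client's PUBLIC host key, keyed by the name sshd resolves for it
client.example.net ssh-ed25519 AAAA...PLACEHOLDER-PUBLIC-KEY...

# --- on the SERVER: /etc/ssh/shosts.equiv (or ~/.shosts for a single user)
client.example.net
```

The private host keys stay root-only on the client; ssh-keysign signs the challenge with them and the server verifies the signature against the public key above, so no connection back to the client is needed.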