Bug 71682

Summary: HostbasedAuthentication should be yes in ssh_config
Product: [Retired] Red Hat Linux Reporter: Jim Radford <radford>
Component: opensshAssignee: Tomas Mraz <tmraz>
Status: CLOSED CURRENTRELEASE QA Contact: Brian Brock <bbrock>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.3   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-02-04 10:05:35 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jim Radford 2002-08-16 17:09:00 UTC 
Description of problem:
The default value for ssh2 HostbasedAuthentication in ssh_config should be yes.
 It is currently yes for RhostsRSAAuthentication which is the equivalent setting
for ssh1.

This variable does not enable HostbasedAuthentication in the server but it just
has the client try HostbasedAuthentication whenever it is enabled in the server.

At the very least, the variable should be commented in the default ssh_config as
being set to no.  The asymmetry is confusing!

How reproducible: Always

Steps to Reproduce:
BTW, to get HostbasedAuthentication (ssh2) working you need a world readable
/etc/ssh/ssh_known_hosts2 file and the above variable set in both ssh_config and
sshd_config.
Comment 1 Tomas Mraz 2005-02-04 10:05:35 UTC 
The commented out option is there now.