Description of problem: The default value for ssh2 HostbasedAuthentication in ssh_config should be yes. It is currently yes for RhostsRSAAuthentication which is the equivalent setting for ssh1. This variable does not enable HostbasedAuthentication in the server but it just has the client try HostbasedAuthentication whenever it is enabled in the server. At the very least, the variable should be commented in the default ssh_config as being set to no. The asymmetry is confusing! How reproducible: Always Steps to Reproduce: BTW, to get HostbasedAuthentication (ssh2) working you need a world readable /etc/ssh/ssh_known_hosts2 file and the above variable set in both ssh_config and sshd_config.
The commented out option is there now.