71682 – HostbasedAuthentication should be yes in ssh_config

Bug 71682 - HostbasedAuthentication should be yes in ssh_config

Summary: HostbasedAuthentication should be yes in ssh_config

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Linux
Classification:	Retired
Component:	openssh
Sub Component:
Version:	7.3
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Tomas Mraz
QA Contact:	Brian Brock
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2002-08-16 17:09 UTC by Jim Radford
Modified:	2007-04-18 16:45 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2005-02-04 10:05:35 UTC
Embargoed:

Attachments	(Terms of Use)

Description Jim Radford 2002-08-16 17:09:00 UTC

Description of problem:
The default value for ssh2 HostbasedAuthentication in ssh_config should be yes.
 It is currently yes for RhostsRSAAuthentication which is the equivalent setting
for ssh1.

This variable does not enable HostbasedAuthentication in the server but it just
has the client try HostbasedAuthentication whenever it is enabled in the server.

At the very least, the variable should be commented in the default ssh_config as
being set to no.  The asymmetry is confusing!

How reproducible: Always

Steps to Reproduce:
BTW, to get HostbasedAuthentication (ssh2) working you need a world readable
/etc/ssh/ssh_known_hosts2 file and the above variable set in both ssh_config and
sshd_config.

Comment 1 Tomas Mraz 2005-02-04 10:05:35 UTC

The commented out option is there now.

Note You need to log in before you can comment on or make changes to this bug.