Ssh HostbasedAuthentication

From Brandonhutchinson.com

(Difference between revisions)
Line 1: Line 1:
-
== Relevant ''sshd_config'' directives
+
== Relevant ''sshd_config'' directives ==
HostbasedAuthentication
HostbasedAuthentication
Line 41: Line 41:
together with successful RSA host authentication is allowed. The
together with successful RSA host authentication is allowed. The
default is “no”. This option applies to protocol version 1 only.
default is “no”. This option applies to protocol version 1 only.
 +
 +
* If you are only using '''Protocol 2''' (which you should be), you may ignore '''RhostsRSAAuthentication'''.
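Review bot: the bullet added after the RhostsRSAAuthentication entry tells Protocol 2 users to ignore that directive but does not name its protocol 2 counterpart. The HostbasedAuthentication entry earlier on the page describes itself as the similar option for protocol version 2, so the bullet should point readers there rather than leaving them to find it.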

Revision as of 20:01, 10 March 2008

Relevant sshd_config directives

    HostbasedAuthentication
            Specifies whether rhosts or /etc/hosts.equiv authentication
            together with successful public key client host authentication is
            allowed (host-based authentication).  This option is similar to
            RhostsRSAAuthentication and applies to protocol version 2 only.
            The default is “no”.

    HostbasedUsesNameFromPacketOnly
            Specifies whether or not the server will attempt to perform a
            reverse name lookup when matching the name in the ~/.shosts,
            ~/.rhosts, and /etc/hosts.equiv files during
            HostbasedAuthentication.  A setting of “yes” means that sshd(8)
            uses the name supplied by the client rather than attempting to
            resolve the name from the TCP connection itself.  The default is
            “no”.

    IgnoreRhosts
            Specifies that .rhosts and .shosts files will not be used in
            RhostsRSAAuthentication or HostbasedAuthentication.

            /etc/hosts.equiv and /etc/ssh/shosts.equiv are still used.  The
            default is “yes”.

    IgnoreUserKnownHosts
            Specifies whether sshd(8) should ignore the user’s
            ~/.ssh/known_hosts during RhostsRSAAuthentication or
            HostbasedAuthentication.  The default is “no”.

    Protocol
            Specifies the protocol versions sshd(8) supports.  The possible
            values are ‘1’ and ‘2’.  Multiple versions must be
            comma-separated.  The default is “2,1”.  Note that the order of
            the protocol list does not indicate preference, because the
            client selects among multiple protocol versions offered by the
            server.  Specifying “2,1” is identical to “1,2”.

    RhostsRSAAuthentication
            Specifies whether rhosts or /etc/hosts.equiv authentication
            together with successful RSA host authentication is allowed.  The
            default is “no”.  This option applies to protocol version 1 only.
  • If you are only using Protocol 2 (which you should be), you may ignore RhostsRSAAuthentication.
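
One way to check how these directives combine in a given sshd_config, as an added example that is not part of the original page: the defaults are the ones quoted in the man page excerpt above, and the function names, finding labels and sample configuration are constructed for illustration. It assumes sshd's first-value-wins rule for repeated keywords and reads only the global section (it stops at the first Match block).

```python
# Defaults as stated in the man page excerpt on this page.
DEFAULTS = {
    "hostbasedauthentication": "no",
    "hostbasedusesnamefrompacketonly": "no",
    "ignorerhosts": "yes",
    "ignoreuserknownhosts": "no",
    "protocol": "2,1",
    "rhostsrsaauthentication": "no",
}

SAMPLE = """\
# constructed sample sshd_config
Protocol 2
HostbasedAuthentication yes
IgnoreRhosts no
HostbasedUsesNameFromPacketOnly yes
HostbasedAuthentication no
"""

def effective_settings(config_text):
    """Global value of each directive; the first occurrence of a keyword wins."""
    seen = {}
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0].lower()          # keywords are case-insensitive
        if key == "match":              # global scope only
            break
        if key in DEFAULTS and key not in seen and len(parts) == 2:
            seen[key] = parts[1].strip()
    return {**DEFAULTS, **seen}

def audit(config_text):
    """Return labels for host-based trust that the configuration leaves open."""
    s = effective_settings(config_text)
    protocols = {p.strip() for p in s["protocol"].split(",")}
    v1 = "1" in protocols and s["rhostsrsaauthentication"] == "yes"
    v2 = "2" in protocols and s["hostbasedauthentication"] == "yes"
    checks = [
        ("protocol-1-enabled", "1" in protocols),
        ("rhostsrsa-enabled", v1),
        ("hostbased-enabled", v2),
        ("user-rhosts-honored", (v1 or v2) and s["ignorerhosts"] == "no"),
        ("user-known-hosts-honored", (v1 or v2) and s["ignoreuserknownhosts"] == "no"),
        ("client-supplied-hostname-trusted",
         v2 and s["hostbasedusesnamefrompacketonly"] == "yes"),
    ]
    return [label for label, hit in checks if hit]
```

With the defaults quoted above, an empty configuration still reports `protocol-1-enabled`, because the stated default for Protocol is “2,1”.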