Hi,

is there any way to use hostbased authentication without the need to
have the SSH host keys stored in a known_hosts file?

We run a large cluster where we need to have passwordless remote login
available. We currently do that with hostbased SSH authentication. But
it is error-prone and a lot of work to keep the known_hosts file up to
date on all hosts. (This is the same situation like DNS vs /etc/hosts
and LDAP vs /etc/passwd, and so on.)

We know of the possibility to store SSH fingerprints in SSHFP records
in DNS. But this currently does not allow hostbased authentication,
it only allows the client to verify the server's host key.

Is there any other possiblity?

Thanks in advance,
Dominik

--
Psssst! Schon vom neuen GMX MultiMessenger gehört? Der kann`s mit allen: http://www.gmx.net/de/go/multimessenger
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/li...enssh-unix-dev