On Mon, 27 Oct 2008, Dominik Epple wrote:

> Hi,
>
> is there any way to use hostbased authentication without the need to
> have the SSH host keys stored in a known_hosts file?
>
> We run a large cluster where we need to have passwordless remote login
> available. We currently do that with hostbased SSH authentication. But
> it is error-prone and a lot of work to keep the known_hosts file up to
> date on all hosts. (This is the same situation as DNS vs /etc/hosts
> and LDAP vs /etc/passwd, and so on.)
>
> We know of the possibility to store SSH fingerprints in SSHFP records
> in DNS. But this currently does not allow hostbased authentication,
> it only allows the client to verify the server's host key.
>
> Is there any other possibility?


Kerberos or push out hostkey lists with rdist.

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/li...enssh-unix-dev
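
The following is an added example, not part of the original thread or of OpenSSH: one way to build the host key list on a central admin host before pushing it out (for example with rdist, as suggested above). The `KEYDIR/<hostname>.pub` layout and the function name `build_known_hosts` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Assumed (hypothetical) layout: KEYDIR/<hostname>.pub holds the
# ssh_host_*_key.pub line(s) of that host, collected over a trusted channel.
# Usage: build_known_hosts KEYDIR OUTFILE   (returns 1 if anything was rejected)
build_known_hosts() {
    keydir=$1; out=$2; rc=0
    tmp=$(mktemp) || return 2
    for f in "$keydir"/*.pub; do
        [ -f "$f" ] || continue
        host=$(basename "$f" .pub)
        # The name becomes a known_hosts pattern: refuse wildcards, commas, '!'.
        case $host in
            ''|*[!A-Za-z0-9.-]*)
                echo "rejected: bad host name in $f" >&2; rc=1; continue ;;
        esac
        # Read "keytype base64 [comment]"; the comment is dropped on purpose.
        while read -r ktype blob _ || [ -n "$ktype" ]; do
            [ -n "$ktype" ] || continue
            case $ktype in
                ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
                *) echo "rejected: $f: key type '$ktype'" >&2; rc=1; continue ;;
            esac
            case $blob in
                ''|*[!A-Za-z0-9+/=]*)
                    echo "rejected: $f: malformed key data" >&2; rc=1; continue ;;
            esac
            printf '%s %s %s\n' "$host" "$ktype" "$blob" >> "$tmp"
        done < "$f"
    done
    # Stable ordering keeps the pushed file diffable between runs.
    LC_ALL=C sort -u "$tmp" > "$out"
    rm -f "$tmp"
    return "$rc"
}

if [ $# -eq 2 ]; then build_known_hosts "$1" "$2"; fi
```

A non-zero return means at least one input was rejected, so the push step can be skipped until the key directory has been reviewed.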