ssh host-based authentification on FC14
This is a follow-on question to: http://www.linuxquestions.org/questi...ccount-927887/
I am trying to mimic rlogin/rsh with slogin/ssh. I think I have the gist of HBA with ssh, but what I dont get is why it needs the keys of other machines to be in /etc/ssh_known_hosts?
The specific problem I am having regards the installation process I use to configure new servers. Each new server is configured one at a time. For rlogin/rsh this is not a problem because I can set up .rhosts with the information I have beforehand (server names and IP addresses). After configuring all the clusters, rlogin/rsh just works -- no other configuration for it is needed.
With ssh, even with HBA, it appears that the keys of the other servers are needed for it to work. Of course, I cant provide those keys until after I have all the servers configured and the network up. This is problematic when I dont have all the servers at hand to configure (such as when I need to configure a replacement server locally).
Is there a way to make ssh behave exactly like ssh (doesnt use/lookfor keys)? Is it possible to make all the servers have the same public key? (So I could create a known_hosts file based on that one public key, in advance and place it in /etc/ssh during the configuration?)
NB: This is obviously NOT as secure as a separate key per system ...
Ideally a separate key per user per system is advised; remember this is effectively replacing passwds and as such similar guidelines apply.
|All times are GMT -5. The time now is 07:40 AM.|