LinuxQuestions.org


Ronayn 05-15-2012 11:55 AM

ssh host-based authentication on FC14
 
This is a follow-on question to: http://www.linuxquestions.org/questi...ccount-927887/

I am trying to mimic rlogin/rsh with slogin/ssh. I think I have the gist of HBA with ssh, but what I don't get is why it needs the keys of other machines to be in /etc/ssh_known_hosts?

The specific problem I am having regards the installation process I use to configure new servers. Each new server is configured one at a time. For rlogin/rsh this is not a problem because I can set up .rhosts with the information I have beforehand (server names and IP addresses). After configuring all the clusters, rlogin/rsh just works -- no other configuration for it is needed.

With ssh, even with HBA, it appears that the keys of the other servers are needed for it to work. Of course, I can't provide those keys until after I have all the servers configured and the network up. This is problematic when I don't have all the servers at hand to configure (such as when I need to configure a replacement server locally).

Is there a way to make ssh behave exactly like ssh (doesn't use/look for keys)? Is it possible to make all the servers have the same public key? (So I could create a known_hosts file based on that one public key, in advance, and place it in /etc/ssh during the configuration?)

chrism01 05-16-2012 09:04 PM

1.
Quote:

Is there a way to make ssh behave exactly like ssh (doesn't use/look for keys)?

Use passwds instead; ssh-auth-keys is only an option, it's not compulsory

2.
Quote:

Is it possible to make all the servers have the same public key?
http://www.thegeekstuff.com/2008/11/...n-ssh-copy-id/ .. and ssh-copy-id same key to all systems
NB: This is obviously NOT as secure as a separate key per system ...
Ideally a separate key per user per system is advised; remember this is effectively replacing passwds and as such similar guidelines apply.
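
An added example, not part of the thread: one way around the ordering problem in the question while keeping a separate host key per system is to generate every server's host key on the provisioning machine first, so the known_hosts file exists before any server is installed. The inventory format, the staging directory layout and the function names `gen_host_keys` and `build_trust_files` are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the thread). Inventory format is an assumption:
# one "hostname ip" pair per line, '#' starts a comment line.

# gen_host_keys INVENTORY OUTDIR
# Creates OUTDIR/<host>/ssh_host_rsa_key{,.pub} for every host lacking one.
# Runs in a subshell so the restrictive umask does not leak to the caller.
gen_host_keys() (
    umask 077
    while read -r host ip; do
        case $host in ''|\#*) continue ;; esac
        mkdir -p "$2/$host"
        [ -f "$2/$host/ssh_host_rsa_key" ] ||
            ssh-keygen -q -t rsa -N '' -C "root@$host" \
                -f "$2/$host/ssh_host_rsa_key" </dev/null
    done <"$1"
)

# build_trust_files INVENTORY OUTDIR
# Writes OUTDIR/ssh_known_hosts ("host,ip keytype base64") and
# OUTDIR/shosts.equiv (one trusted client hostname per line).
build_trust_files() {
    inv=$1 out=$2
    : >"$out/ssh_known_hosts"
    : >"$out/shosts.equiv"
    while read -r host ip; do
        case $host in ''|\#*) continue ;; esac
        pub="$out/$host/ssh_host_rsa_key.pub"
        [ -r "$pub" ] || { echo "no public key for $host" >&2; return 1; }
        # A .pub file is "keytype base64 [comment]"; the comment is dropped.
        read -r ktype kdata rest <"$pub"
        printf '%s,%s %s %s\n' "$host" "$ip" "$ktype" "$kdata" \
            >>"$out/ssh_known_hosts"
        printf '%s\n' "$host" >>"$out/shosts.equiv"
    done <"$inv"
}

# Stand-alone use: sh prekeys.sh inventory.txt staging-dir
if [ "$#" -eq 2 ]; then
    gen_host_keys "$1" "$2" && build_trust_files "$1" "$2"
fi
```

Each server then receives its own private key as /etc/ssh/ssh_host_rsa_key plus the two shared files under /etc/ssh during configuration. The staging directory holds every server's private host key, so it needs at least the same protection as the servers themselves.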


All times are GMT -5.