[MERGE][bug #183705] Update authentication docs regarding ssh agents.

Harald Meland harald.meland at usit.uio.no
Sat May 10 00:21:05 BST 2008

[John Arbash Meinel]

> @@ -195,7 +197,7 @@
> ~         host=dev.company.com
> ~         path=/dev/integration
> ~         user=user2
> -        password=pass2
> +        # No password since we use host keys
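
Review bot: The added comment "# No password since we use host keys" names the wrong mechanism for a change whose subject is ssh agents. Host keys identify machines, while an agent holds per-user keys, so the comment could lead a reader to think host-based authentication is required for this entry. Suggest either dropping the comment or rewording it to something like "# No password since we use ssh keys", which covers both cases.
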
> I would probably just leave the comment out.
> Also, are these "host keys"?

Well, host keys can be a part of the picture -- if you have a
"~/.shosts" or "~/.rhosts" file with the proper contents on the remote
host, and sshd there is set up to allow the use of host-based
authentication.  However, if you're using host-based authentication,
you don't need to have a ssh agent.

> I thought that was something rsh had, where you could set up 2 hosts
> to trust each other for all users.

rsh can use .rhosts to allow passwordless login from other "trusted"
hosts.  However, the "trust" here is rather weak.  Host keys are part
of ssh's attempt to improve inter-host trust -- if you want to do ssh
host-based authentication, the server must be able to verify the
client's host key.

> This seems a lot more like per-user ssh keys. Since I can set up
> several keys to be trusted for just my user, which has little to do
> with the hosts involved.

I think "ssh keys" is the correct term to use, as it covers both host
keys and per-user keys, and either can be among the mechanisms

