Using ~/.shosts with OpenSSH

In order for ~/.shosts host-based authentication to work with OpenSSH, the following directives must be set in sshd_config:

HostbasedAuthentication yes
IgnoreRhosts no

Also, the host key of the client has to be placed in the server's /etc/ssh/ssh_known_hosts or $HOME/.ssh/known_hosts (if using  IgnoreUserKnownHosts no on the server, which is the default setting). See "SSH_KNOWN_HOSTS file format" in sshd(8).

The fully-qualified domain name (FQDN) of the client system must be placed in ~/.shosts; short names do not work.

Back to
Last modified: 2008/01/21