Talk:OpenSSH/Cookbook/Host-based Authentication

Is this snippet correct? The examples look like they might be clients but the shosts.equiv needs to be "oriented to just the list of hosts". I'm confused.
The /etc/shosts.equiv identifies which addresses are allowed to try authenticating. Keep this file simple and oriented to just the list of hosts. It provides only the first cut, anyway. For fine tuning, use sshd_config to set or revoke access for specific users and groups.

client1.example.org

192.168.0.102

client8.example.org -bull

@statcluster


 * host means a machine connected to the net, either a client or a server. But overall it could use some clarification. Larsnooden (discuss • contribs) 08:56, 3 September 2013 (UTC)


 * It would help me if the difference between shosts.equiv and ssh_known_hosts was explained. I currently think shosts.equiv is a really badly named whitelist of client IPs while ssh_known_hosts is another really badly named file, this time a list of clients and their public keys. It seems bonkers and I hope I'm wrong! Thanks much for your (Lars) effort in trying to explain this.


 * shosts.equiv is the list of machines whose users are allowed to be considered for host-based authentication. ssh_known_hosts is a register of machines and their public keys. Those machines that are on both lists are allowed to try to authenticate. ~ Larsnooden (discuss • contribs) 18:47, 3 September 2013 (UTC)
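
Added example, not part of the discussion above or of the OpenSSH Cookbook: a small audit that applies the rule from the last reply, reporting which shosts.equiv hosts also have a usable key in ssh_known_hosts. The function names, sample entries and placeholder keys are constructed for illustration; netgroups are listed but not resolved, and negated or `[host]:port` patterns in ssh_known_hosts are not handled.

```python
import base64, fnmatch, hashlib, hmac

# Constructed sample files; the keys are placeholders, not real key material.
SHOSTS_EQUIV = """client1.example.org
192.168.0.102
client8.example.org -bull
@statcluster
"""
KNOWN_HOSTS = """client1.example.org,192.168.0.101 ssh-ed25519 AAAAPLACEHOLDER1
@revoked client8.example.org ssh-ed25519 AAAAPLACEHOLDER8
*.lab.example.org ssh-ed25519 AAAAPLACEHOLDER3
"""

def equiv_hosts(text):
    """Hosts listed positively in shosts.equiv, plus netgroup entries left unresolved."""
    hosts, netgroups = set(), set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields or fields[0][0] == "-" or fields[0] == "+":
            continue                  # blank, comment, negated entry or bare "+" wildcard
        name = fields[0].lstrip("+").lower()   # later fields restrict users, not hosts
        (netgroups if name.startswith("@") else hosts).add(name)
    return hosts, netgroups

def has_host_key(host, text):
    """True if a line without a marker in ssh_known_hosts names this host."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0][0] in "#@":
            continue                  # comment, or an @revoked / @cert-authority line
        for pat in fields[0].split(","):
            if pat.startswith("|1|"):          # hashed name: HMAC-SHA1 keyed with the salt
                _, _, salt, digest = pat.split("|")
                mac = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1)
                if hmac.compare_digest(mac.digest(), base64.b64decode(digest)):
                    return True
            elif fnmatch.fnmatchcase(host, pat.lower()):   # "*" and "?" wildcards
                return True
    return False

def audit(equiv_text, known_text):
    """Split shosts.equiv hosts into those with and without a registered key."""
    hosts, netgroups = equiv_hosts(equiv_text)
    ok = sorted(h for h in hosts if has_host_key(h, known_text))
    return ok, sorted(hosts - set(ok)), sorted(netgroups)

if __name__ == "__main__":
    print(audit(SHOSTS_EQUIV, KNOWN_HOSTS))
```

Hosts in the second list are named in shosts.equiv but have no usable key registered, so under the rule above they are not on both lists; the third list holds netgroup entries that still need a lookup.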