Bug 1128

Summary:

Configuration keyword "ShostsFile (or RhostsFile)" does not exist

Product:

Portable OpenSSH

Reporter:

SASAJIMA Toshihiro <sasajima>

Component:

sshd

Assignee:

Assigned to nobody <unassigned-bugs>

Status:

NEW ---

Severity:

enhancement

Priority:

Version:

4.2p1

Hardware:

All

OS:

All

Attachments:

Description	Flags
this patch appends configuration keyword "ShostsFile"	none

Description SASAJIMA Toshihiro 2005-12-01 19:00:04 AEDT

Configuration keyword "AuthorizedKeyFile" is very useful.
If your sshd permits PubkeyAuthentication and you want to that only root user edits all authorized_keys files in the host, you can use "AuthorizedKeyFile" to put the file into system configuration directory.

If your sshd permits HostbasedAuthentication and you want to that only root user edits all .shosts/.rhosts files, you will need configuration keyword "ShostsFile".

Comment 1 Damien Miller 2005-12-01 19:03:54 AEDT

If you want deny user control of HostbasedAuthentication, then you can enter users in /etc/shosts.equiv and set IgnoreRhosts=yes in sshd_config

Does that solve your problem?

Comment 2 SASAJIMA Toshihiro 2005-12-01 19:13:12 AEDT

Created attachment 1033 [details]
this patch appends configuration keyword "ShostsFile"

This patch works in my Solaris8 box.

Comment 3 SASAJIMA Toshihiro 2005-12-01 19:35:39 AEDT

(In reply to comment #1)
> If you want deny user control of HostbasedAuthentication, then you can enter
> users in /etc/shosts.equiv and set IgnoreRhosts=yes in sshd_config
> 
> Does that solve your problem?
> 

No, hosts.equiv only solves following: 

   foo@localhost -> foo@remotehost

But I assume following:

   foo@localhost -> bar@remotehost