With the addition of support for host keys using ECDSA and ed25519, the number of authentication attempts used by hostbased authentication has also increased. This can make authentication problematic in cases where hostbased authentication is enabled on both the client and server, but misconfiguration causes all hostbased authentication attempts to fail. Since hostbased authentication typically requires updating two (or three) files on the server side, in addition to the sshd_config, it is not unusual for there to be configuration issues when allowing a new client to use hostbased authentication. For example, the client hostname may be mistyped in /etc/shosts.equiv. Complications can also arise if the client system has multiple network interfaces, each with distinct names in DNS; e.g. foo-ge, foo-xge. The client will attempt to authenticate with each host key until it succeeds, all host keys have been tried, or the number of allowed authentication attempts has been exhausted. Thus, four out of the default six authentication attempts can be used by hostbased authentication before the user has a chance to attempt public-key or password authentication. This situation can be made even worse if a host certificate is also available. It would be helpful if there was a mechanism to limit the number of authentication attempts used by hostbased authentication, so that a reasonable number still remain for other authentication methods if hostbased authentication fails. A simple solution would be to add support for an ssh_config(5) option to limit the number of attempts, such as HostbasedMaxTries or MaxHostbasedAuthTries. A more flexible (although more complicated to implement) solution would be to provide a means of specifying the keys or key types to try; e.g. HostbasedKeyTypes ecdsa,ssh-rsa.
Would it be possible to have sshd disable hostbased authentication if auth_rhosts2() fails? That would catch the majority of cases where repeated hostbased auth attempts with different keys are pointless. In other words, if auth_rhosts2() fails, it will fail for all key types, so there is really no point in letting the client make further attempts using that authentication method.
Created attachment 2529: Add HostbasedKeyTypes to ssh(1)
Add support for a HostbasedKeyTypes client option, inspired by and largely based upon HostbasedAcceptedKeyTypes. This allows the administrator (or user) to select a subset of the supported key types for use with hostbased authentication.
Created attachment 2532: Add HostbasedKeyTypes to scp.1 and sftp.1
Created attachment 2539: make HostbasedKeyTypes control order as well as select types sent
Most of the other options to control protocol methods specify the ordering they are offered or attempted as well as selecting which are available. I've modified your patch to control the order too. It's a little more complex, but works OK against my test server. It also updates userauth_hostbased and ssh_keysign to the new post-refactor API. (patch is against OpenBSD -current)
patch applied - will be in OpenSSH-6.8. Thanks!
openssh-6.8 is released
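A model of the behaviour discussed in this thread, as an added example that is not OpenSSH code and not taken from the attachments: the client offers one host key per listed type, in list order, and each failed hostbased attempt is assumed (as the report describes) to count against the server's six allowed tries. `select_hostkeys`, `tries_left` and the sample key list are hypothetical names and constructed data.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: key types of the host keys on a hypothetical client. */
const char *const sample_keys[] = {
    "ssh-rsa", "ssh-dss", "ecdsa-sha2-nistp256", "ssh-ed25519" };
#define NKEYS (sizeof(sample_keys) / sizeof(sample_keys[0]))

/* Hypothetical helper, not OpenSSH source: walk the comma-separated type
 * list in order and pick the matching host key for each entry. Unlisted
 * types are never offered; duplicate entries are ignored.
 * out[] needs room for navail entries. Returns the number selected. */
size_t select_hostkeys(const char *types, const char *const *avail,
    size_t navail, const char **out)
{
    size_t nout = 0;
    for (const char *p = types; *p != '\0'; ) {
        size_t len = strcspn(p, ",");   /* length of the current entry */
        for (size_t i = 0; i < navail; i++) {
            size_t j = 0;
            if (strlen(avail[i]) != len || strncmp(avail[i], p, len) != 0)
                continue;
            while (j < nout && out[j] != avail[i])
                j++;
            if (j == nout)              /* not selected yet */
                out[nout++] = avail[i];
            break;
        }
        p += len;
        if (*p == ',') p++;
    }
    return nout;
}

/* Attempts left for publickey/password once every hostbased try has failed. */
int tries_left(int max_auth_tries, size_t hostbased_tries)
{
    int used = (int)hostbased_tries;
    return max_auth_tries > used ? max_auth_tries - used : 0;
}

int main(void)
{
    const char *out[NKEYS];
    size_t n = select_hostkeys("ecdsa-sha2-nistp256,ssh-rsa", sample_keys, NKEYS, out);
    printf("all keys offered: %d of 6 tries left\n", tries_left(6, NKEYS));
    for (size_t i = 0; i < n; i++)
        printf("offer %zu: %s\n", i + 1, out[i]);
    printf("with the list: %d of 6 tries left\n", tries_left(6, n));
    return 0;
}
```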