This may be a FAQ, but wouldn't SSH be more secure if the user can only log in if the server has the client's ssh_host_key.pub in its ssh_known_hosts file AND the user has his identity.pub from his client computer in the authorized_keys on the server? This would require two keys to be able to log in. I thought this was ssh would work with the following sshd_config file: --- BEGIN FILE --- Port 22 ListenAddress 0.0.0.0 HostKey /etc/ssh/ssh_host_key ServerKeyBits 768 LoginGraceTime 600 KeyRegenerationInterval 3600 PermitRootLogin yes StrictModes yes X11Forwarding yes X11DisplayOffset 10 PrintMotd yes KeepAlive yes CheckMail no UseLogin no SyslogFacility AUTH LogLevel INFO RhostsRSAAuthentication yes IgnoreRhosts yes RhostsAuthentication no IgnoreUserKnownHosts yes RSAAuthentication yes PasswordAuthentication no PermitEmptyPasswords no ---- END FILE --- But, it turns out, that as long as authorized_keys on my server has the identity.pub file from my client computer, I'm allowed in regardless if the public key of the client is in the ssh_known_hosts on the server. It seems like requiring two keys would be preferrable, but if I've misconfigured something, please let me know. Thanks for any help. Jiann-Ming Su js1 at js1.org
On Fri, Jan 21, 2000 at 12:22:48AM -0500, Jiann-Ming Su wrote:> This may be a FAQ, but wouldn't SSH be more secure if the user can only > log in if the server has the client's ssh_host_key.pub in its > ssh_known_hosts file AND the user has his identity.pub from his > client computer in the authorized_keys on the server? This > would require two keys to be able to log in. I thought thisno, this is not possible with SSH, it's not defined in the protocol, you cannot do both. -markus