openssh unix dev - May 2001 - HostbasedAuthentication, and my sillyness

Maybe I just can't read properly, but I just spent the best part of a
day trying to work out why HostbasedAuthentication wouldn't work for
me (with protocol 2 in openssh-2.9p1).

It seems (though maybe there is something wrong with my install), that
after enabling it in the sshd_config it doesn't work, since the client
will not in fact request it (by default).

I was fooled by the statement in the ssh man page about
HostbasedAuthentication that the client supports this by default (well
it is set to "yes").  While it supports it, it seems that the default
value for PreferredAuthentications is set to:

  publickey,password,keyboard-interactive,hostbased

so it starts prompting for a password before getting that far.
Setting the list to:

  publickey,hostbased,password,keyboard-interactive

in ssh_config seems to do the trick, but even having added this I
still can't find anything obvious which I should have seen before.

If nothing else I'd suggest a statement in the ssh man page in the
section for HostbasedAuthentication saying that one needs to alter the
PreferredAuthentications before it is likely to work.

Looking at the code in sshconnect2.c it seems to default to the order
in the authmethods array, is there any reason not to patch that to
place hostbased before password?

Am I missing something, is this a subtle hint that we should not
actually use hostbasedauthentication?

 -- Jon

On Wed, May 09, 2001 at 12:38:43AM +0100, J.S.Peatfield at damtp.cam.ac.uk
wrote:
> Looking at the code in sshconnect2.c it seems to default to the order
> in the authmethods array, is there any reason not to patch that to
> place hostbased before password?
no.