Re: question about hosts.equiv and ssh
>On Fri, Nov 07, 2014 at 09:14:05PM -0500, System Administrator wrote: >> In OpenBSD 5.6, the prototype and man-page for hosts.equiv(5) have >> disappeared. However, this file is still referenced in sshd_config(5) >> and (if I'm searching the sources correctly) in /usr/src/usr.bin/ssh >> auth-rhosts.c which is included in the sshd/Makefile. >> >> Is the removal accidental or an indication that its use is deprecated? >> If the latter, what is the [new] recommended "best practices" for >> HostBasedAuthentication within a cluster of trusted servers? >> >> Thanks in advance. >> > >hi! back in april i asked about the refs to this file in the ssh docs. >damien miller told me hosts.equiv is still relevant to "host-based >logins using key authentication", and that the reference should >definitely stay. > >and the removal of hosts.equiv(5) was not accidental. > >i couldn;t comment on "best practices", but i believe the docs are >correct. it could be that ssh(1) etc. need to explain a bit more about >how hosts.equiv work, but i'm not sure. The openssh sub-tree is a bit special. openssh also runs on other systems, obviously. Sometimes openssh has support for a feature, but use of that feature has been deprecated in OpenBSD. In that case, the openssh manual pages need to continue talking about the feature, since it is still relevant on other systems.
Re: question about hosts.equiv and ssh
On Fri, Nov 07, 2014 at 09:14:05PM -0500, System Administrator wrote: > In OpenBSD 5.6, the prototype and man-page for hosts.equiv(5) have > disappeared. However, this file is still referenced in sshd_config(5) > and (if I'm searching the sources correctly) in /usr/src/usr.bin/ssh > auth-rhosts.c which is included in the sshd/Makefile. > > Is the removal accidental or an indication that its use is deprecated? > If the latter, what is the [new] recommended "best practices" for > HostBasedAuthentication within a cluster of trusted servers? > > Thanks in advance. > hi! back in april i asked about the refs to this file in the ssh docs. damien miller told me hosts.equiv is still relevant to "host-based logins using key authentication", and that the reference should definitely stay. and the removal of hosts.equiv(5) was not accidental. i couldn;t comment on "best practices", but i believe the docs are correct. it could be that ssh(1) etc. need to explain a bit more about how hosts.equiv work, but i'm not sure. jmc
question about hosts.equiv and ssh
In OpenBSD 5.6, the prototype and man-page for hosts.equiv(5) have disappeared. However, this file is still referenced in sshd_config(5) and (if I'm searching the sources correctly) in /usr/src/usr.bin/ssh auth-rhosts.c which is included in the sshd/Makefile. Is the removal accidental or an indication that its use is deprecated? If the latter, what is the [new] recommended "best practices" for HostBasedAuthentication within a cluster of trusted servers? Thanks in advance.