Hi there, I have installed ssh-2.1.0 (and patch1) into a small local network of PCS and Sun Ultra 5s running Red Hat Linux 6.1 (2.2.12-20) and Solaris 2.7 and, based on the instructions of FAQ 3.5, I set up a hostbased authentication system for the local machines. The "sshd2_config" files for all machines are identical to #================================================================ *: Port 22 ListenAddress 0.0.0.0 Ciphers AnyStd IdentityFile identification AuthorizationFile authorization HostKeyFile hostkey PublicHostKeyFile hostkey.pub RandomSeedFile random_seed ForwardAgent yes ForwardX11 yes PasswordGuesses 3 PermitRootLogin no AllowedAuthentications publickey,password,hostbased ForcePTTYAllocation no VerboseMode no PrintMotd yes CheckMail yes UserConfigDirectory "%D/.ssh2" SyslogFacility AUTH Ssh1Compatibility yes AllowSHosts euler hiparco newton galileu lana IgnoreRhosts yes IgnoreRootRHosts yes RequireReverseMapping no UserKnownHosts no MaxBroadcastsPerSecond 1 subsystem-sftp sftp-server #================================================================== and "/etc/shosts.equiv" files look like #============== euler hiparco newton galileu lana #============== This way I hope to be able to give control only to the superuser about which machines are allowed to connect. Nevertheless, independent of the contents of "/etc/shosts.equiv" or "AllowSHosts", users from euler, hiparco, newton, galileu or lana can always login into or from any of these machines. For instance, if I remove "hiparco' from "shosts.equiv" or from "AllowSHosts" any user can still be authenticated when connected from "hiparco", and no password is asked. Is the information on "etc/shosts.equiv" and on AllowSHosts just been ignored by ssh? By the way, "DenyShosts" doesn't seem to work either. Alex Schmidt
