What is host-based authentication?

Host-based authentication is where the host (or server) is authenticated, so that some users can authenticate without needing a key or anything else of their own. Key-based authentication is where you, as a user, generate a public and private key on your machine or host.

How does ssh host-based authentication work?

ssh/known_hosts). If it finds a public key, it uses it to decrypt the encrypted data sent by the source, and verifies that the hosts match. If everything has succeeded up to this point, host-based authentication succeeds and you are logged in with no password.

Is host-based authentication secure?

In host-based authentication, if the machine the user logs in from is listed in /etc/hosts.equiv or /etc/shosts. This authentication method closes security holes due to IP spoofing, DNS spoofing, and routing spoofing.

What is shosts?

shosts is exactly the same as .rhosts, but allows host-based authentication without permitting login by the insecure legacy tools rlogin and rsh. The list is one line per host.

What is public key authentication?

Public key authentication is an alternative means of identifying yourself to a login server, instead of typing a password. You generate a key pair, consisting of a public key (which everybody is allowed to know) and a private key (which you keep secret and do not give to anybody).

What is /etc/ssh/ssh_known_hosts?

/etc/ssh/ssh_known_hosts contains the system-wide list of known host keys used to verify the identity of the remote host and thus hinder impersonation or eavesdropping. This file should be prepared by the system administrator to contain the public host keys of all necessary hosts. It should be world-readable.
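An added example, not part of the original page: a small Python audit that cross-checks the hosts trusted in an shosts-style list against the keys in a known_hosts file, since host-based authentication depends on the server finding the client host's public key there. The function names, host names, salt and key blobs are constructed for illustration; negated (`!`) and `[host]:port` known_hosts names are not handled.

```python
import base64, fnmatch, hashlib, hmac

def hashed(host, salt):
    """Hashed known_hosts name: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def name_matches(pattern, host):
    """Match one known_hosts name (hashed, or plain with * and ?) against host."""
    if pattern.startswith("|1|"):
        salt = base64.b64decode(pattern.split("|")[2])
        return hmac.compare_digest(hashed(host, salt), pattern)
    return fnmatch.fnmatchcase(host, pattern.lower())

def key_patterns(known_hosts_text):
    """Collect host-name patterns from lines that carry a usable key."""
    patterns = []
    for line in known_hosts_text.splitlines():
        fields = line.split()
        # Skip blanks, comments and marker lines (@revoked, @cert-authority).
        if len(fields) >= 3 and not fields[0].startswith(("#", "@")):
            patterns.extend(fields[0].split(","))
    return patterns

def audit(shosts_text, known_hosts_text):
    """Return (entry, finding) pairs for trust entries that need review."""
    patterns, findings = key_patterns(known_hosts_text), []
    for line in shosts_text.splitlines():
        fields = line.split("#")[0].split()  # first field is the host name
        if not fields or fields[0].startswith("-"):
            continue  # blank/comment, or a negative entry that grants nothing
        host = fields[0].lower()
        if host.startswith("+"):
            findings.append((host, "wildcard or netgroup entry"))
        elif not any(name_matches(p, host) for p in patterns):
            findings.append((host, "no usable host key in known_hosts"))
    return findings

# Constructed sample input: host names, salt and key blobs are placeholders.
SHOSTS = ("build01.example.com\ndb01.example.com backup\n+\n-old.example.com\n"
          "ghost.example.com\nweb07.example.com\n")
KNOWN_HOSTS = "\n".join([
    "build01.example.com,192.0.2.10 ssh-ed25519 PLACEHOLDERKEY",
    hashed("db01.example.com", b"constructed-salt") + " ssh-ed25519 PLACEHOLDERKEY",
    "@revoked ghost.example.com ssh-ed25519 PLACEHOLDERKEY",
    "web*.example.com ssh-ed25519 PLACEHOLDERKEY",
])

if __name__ == "__main__":
    print(audit(SHOSTS, KNOWN_HOSTS))
```

On the sample data the audit flags the bare `+` line and `ghost.example.com`, whose only key line is marked `@revoked`.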

Which file is used to configure ssh?

The SSH server has its own set of configuration files, including the SSH server system-wide configuration file named sshd_config. By default, these files reside in the /etc/ssh directory on the remote host.

How do I enable public key authentication?

Procedure

  1. Use the ssh-keygen tool to create a key pair.
  2. Validate that the keys were generated.
  3. Enable key-based authentication in the /etc/ssh directory on the SSH server.
  4. Copy the rsa.
  5. If you have an existing authorized_keys file, edit it to remove any no-pty restrictions.

Can I delete the known_hosts file?

Navigate to HKEY_CURRENT_USER\SOFTWARE\SimonTatham\PuTTY\SshHostKeys. Right-click the offending key and click Delete.