Subject: Re: [libssh2] query regarding HostBasedAuth

From: Sara Golemon <pollita_at_libssh2.org>
Date: Wed, 07 Mar 2007 08:58:31 -0800

> I need a clarification here from you all regarding the functionality of
> HostBasedAuthentication.
>
> 1) If the remote SFTP server admin wants to allow only Host based
> authentication, then the remote sshd_config should have
> 'HostBasedAuthentication' set to yes, and the rest set to no, like
> 'PasswordAuthentication'. But should it also need to have
> 'PubKeyAuthentication' set to yes? Because the definition of HostBased
> authentication is that it involves authenticating the client host *and*
> the client public key authentication.
> I tried setting 'HostBasedAuthentication' to yes, and the other two to
> no in the server-side sshd_config. I was not able to connect to the remote
> server, using the standard UNIX sftp utility itself. When I set the
> 'PubKeyauthentication' also to yes at server sshd_config, only then
> the sftp utility at client side was able to login.
>
HostBased and PublicKey auth methods are two different methods (although
they use the same underlying principles).

PublicKeyAuth:

   Client signs a one-time token with their personal private key proving
to the server that they are that specific person.

HostBasedAuth:

   Client signs a one-time token with their host-machine's private key
(which is shared by all users on that machine -- though typically owned
and only readable by root). Along with this signature, client sends a
message saying "I affirm that the user connecting to you is _____". The
server doesn't get direct confirmation that you are you, but the server
trusts your host enough to believe it.

   I suspect that you're not actually using any HostBased authentication
in your setup. More likely you have a personal private key and are only
using the PublicKey authentication method.

   Note that in both methods (and password method for that matter), the
identity of the server is always confirmed* before the authentication
stage is ever reached. (* Assuming you know the server's public key
fingerprint ahead of time and validate that)

> 2) Is the list of supported authentication methods, which libssh2
> library receives from the remote SFTP server, generated on basis of
> which all auth methods are set to yes in sshd_config?
>
Yes.

-Sara
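The second answer above (the method list the client sees is driven by which `*Authentication` options sshd has enabled) is easy to check without a live server. The following is an added example, not code from the thread or from libssh2: it parses an sshd_config fragment, applies sshd's first-occurrence-wins rule and the OpenSSH defaults from sshd_config(5), and derives the method list the server would put in its `SSH_MSG_USERAUTH_FAILURE` reply. It deliberately ignores `Match` blocks, `AuthenticationMethods` and PAM (an assumption, to keep the model small), and the ordering of the list is the table's own, not necessarily sshd's. The sample configs are constructed to mirror the poster's two experiments.

```python
"""Derive the userauth method list sshd would advertise from an sshd_config.

Added example, not from the libssh2 list thread. Simplified model: Match
blocks, AuthenticationMethods and UsePAM are ignored (assumption). Defaults
follow sshd_config(5) for OpenSSH.
"""

# sshd option (lower-cased; sshd option names are case-insensitive)
#   -> (RFC 4252 userauth method name, OpenSSH default)
METHOD_OPTIONS = {
    "pubkeyauthentication": ("publickey", True),
    "passwordauthentication": ("password", True),
    "challengeresponseauthentication": ("keyboard-interactive", True),
    "hostbasedauthentication": ("hostbased", False),
    "gssapiauthentication": ("gssapi-with-mic", False),
}


def parse_sshd_config(text):
    """Return {lowercased option: value}, first occurrence of an option wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        # sshd accepts "Option value" and "Option=value"
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) != 2:
            continue
        settings.setdefault(parts[0].lower(), parts[1].strip())
    return settings


def advertised_methods(config_text):
    """Methods sshd would list in SSH_MSG_USERAUTH_FAILURE for this config."""
    settings = parse_sshd_config(config_text)
    methods = []
    for option, (method, default) in METHOD_OPTIONS.items():
        value = settings.get(option)
        enabled = default if value is None else value.lower() == "yes"
        if enabled:
            methods.append(method)
    return methods


def can_authenticate(server_methods, client_methods):
    """True if the client can offer at least one method the server accepts."""
    return bool(set(server_methods) & set(client_methods))


# Constructed sample configs (not from any real host).
HOSTBASED_ONLY = """
HostBasedAuthentication yes
PubKeyAuthentication no
PasswordAuthentication no
ChallengeResponseAuthentication no
"""

HOSTBASED_AND_PUBKEY = """
HostBasedAuthentication yes
PubKeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
"""

# A client with only a personal key pair, as the reply suspects the poster has.
PERSONAL_KEY_CLIENT = ["publickey"]

if __name__ == "__main__":
    for name, cfg in (("hostbased only", HOSTBASED_ONLY),
                      ("hostbased + pubkey", HOSTBASED_AND_PUBKEY)):
        offered = advertised_methods(cfg)
        print(f"{name:20s} server offers {','.join(offered):25s} "
              f"personal-key client can log in: "
              f"{can_authenticate(offered, PERSONAL_KEY_CLIENT)}")
```

Run as a script it shows the poster's symptom: with only `HostbasedAuthentication yes` the server offers nothing but `hostbased`, so a client holding only a personal key (and no signed host-key assertion) cannot log in; enabling `PubkeyAuthentication` adds `publickey` and the login succeeds. The same function is a useful review check for a hardened sshd_config: feed it the file and confirm `password` and `keyboard-interactive` have actually disappeared, remembering that both default to yes when the option is simply left out.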

_______________________________________________
libssh2-devel mailing list
libssh2-devel_at_lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/libssh2-devel
Received on 2007-03-07