> I need a clarification here from you all regarding the functionality of
> HostBasedAuthentication.
>
> 1) If the remote SFTP server admin wants to allow only Host based
> authentication, then the remote sshd_config should have
> 'HostBasedAuthentication' set to yes, and the rest set to no, like
> 'PasswordAuthentication'. But should it also need to have
> 'PubKeyAuthentication' set to yes? Because the definition of HostBased
> authentication is that it involves authenticating the client host *and*
> the client public key authentication.
> I tried setting 'HostBasedAuthentication' to yes, and rest of the two to
> no at server side sshd_config. I was not able to connect to the remote
> server, using the standard UNIX sftp utility itself. When I set the
> 'PubKeyauthentication' also to yes at server sshd_config, only then
> the sftp utility at client side was able to login.
>

HostBased and PublicKey auth methods are two different methods (although they use the same underlying principles).

PublicKeyAuth: Client signs a one-time token with their personal private key proving to the server that they are that specific person.

HostBasedAuth: Client signs a one-time token with their host-machine's private key (which is shared by all users on that machine -- though typically owned and only readable by root). Along with this signature, client sends a message saying "I affirm that the user connecting to you is _____". The server doesn't get direct confirmation that you are you, but the server trusts your host enough to believe it.

I suspect that you're not actually using any HostBased authentication in your setup. More likely you have a personal private key and are only using the PublicKey authentication method.

Note that in both methods (and password method for that matter), the identity of the server is always confirmed* before the authentication stage is ever reached.

(* Assuming you know the server's public key fingerprint ahead of time and validate that)

> 2) Is the list of supported authentication methods, which libssh2
> library receives from the remote SFTP server, generated on basis of
> which all auth methods are set to yes in sshd_config?
>

Yes.

-Sara

_______________________________________________
libssh2-devel mailing list
libssh2-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/libssh2-devel
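
Added example, not part of the original message and not libssh2's own code: a client-side check of the comma-separated method list the server advertises (the string format `libssh2_userauth_list()` returns), to confirm whether `hostbased` is really offered and whether it is the only method. The names `parse_auth_list` and `hostbased_only` and the sample lists are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Bit flags for the methods discussed in the thread (illustrative names). */
enum { AUTH_PASSWORD = 1, AUTH_PUBLICKEY = 2, AUTH_HOSTBASED = 4, AUTH_OTHER = 8 };

/* Parse a comma-separated SSH method list such as "publickey,hostbased".
 * Tokens are compared exactly, never by substring, so "hostbasedx" or a
 * vendor-specific method is reported as AUTH_OTHER, not as hostbased. */
static unsigned parse_auth_list(const char *list)
{
    static const struct { const char *name; unsigned flag; } known[] = {
        { "password",  AUTH_PASSWORD  },
        { "publickey", AUTH_PUBLICKEY },
        { "hostbased", AUTH_HOSTBASED },
    };
    unsigned mask = 0;
    if (list == NULL)                 /* no list available */
        return 0;
    while (*list) {
        size_t len = strcspn(list, ",");          /* length of this token */
        unsigned flag = len ? AUTH_OTHER : 0;     /* empty tokens are ignored */
        for (size_t i = 0; i < sizeof known / sizeof known[0]; i++)
            if (strlen(known[i].name) == len &&
                memcmp(list, known[i].name, len) == 0)
                flag = known[i].flag;
        mask |= flag;
        list += len;
        if (*list == ',')
            list++;
    }
    return mask;
}

/* 1 only when the server offers hostbased and nothing else, i.e. the
 * "host-based only" policy asked about in question 1. */
static int hostbased_only(const char *list)
{
    return parse_auth_list(list) == AUTH_HOSTBASED;
}

int main(void)
{
    /* Constructed sample lists, not captured from a real server. */
    const char *samples[] = { "hostbased", "publickey,hostbased", "publickey,password" };
    for (size_t i = 0; i < 3; i++)
        printf("%-22s hostbased offered: %d, hostbased only: %d\n", samples[i],
               (parse_auth_list(samples[i]) & AUTH_HOSTBASED) != 0,
               hostbased_only(samples[i]));
    return 0;
}
```

If the list from a server configured as in question 1 does not contain `hostbased`, the login that succeeded after enabling public-key authentication was a PublicKey login, which matches the suspicion in the reply above.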