G'day folks,
The powers that be for my current project have stipulated that they want
the following mechanism for SSH authentication between their NT clients
and Solaris 8 servers...
1. All NT workstations will have host-keys generated at install
time.
2. Those keys will be "made known" to the Solaris boxes.
3. When a user logs in...
(a) If the host key is unknown, no further attempts to
authenticate are allowed (user will not be permitted to
log in.
(b) If the host key is known (and authenticates correctly to
its IP/name), then password authentication should occur
for the UNIX user.
My question is, can this be done? If so, how? I've tried various
combinations of RhostsRSAAuthentication, RhostsAuthentication and
RSAAuthentication without any luck.
We're using OpenSSH 2.3.0p1 on the Solaris 8 and NT 4 boxes.
(Of course, my preference is for the "full implementation" of user keys
but that's not my call.)
Thanks for any help. Ciao.
Daniel Baldoni
(LcdS Pty. Ltd.)
