Copy the client's
/etc/ssh2/hostkey.pub file over to the server. Note that this requires root permissions on the client, and optionally on the server as well.
SSH Tectia Server is configured by default to look in one of two places on server for the host keys to use for host-based authentication:
The server administrator can edit the
keyword in the
sshd2_config file to disable the use of the user-defined known hosts (they are allowed by default).
If you want to allow host-based authentication to all users connecting from the client machine, you can add the public host key to
/etc/ssh2/knownhosts. Root permissions are required for this method.
If you want to allow host-based authentication only to some users, and if user-defined knownhosts are allowed, then you can instead add the keys to the
You have to name the client's public key as follows on the server:
In the example,
client.example.com is the hostname the client is sending to the server. When
DefaultDomain has been set on client, this name is always the long hostname (FQDN). This gives the server the client's public key so the server can verify the client user's identity based on the public key signature.