So I\'m running a private subnet where there is no internet connectivity, I unde

Question

So I'm running a private subnet where there is no internet connectivity, I understand the grave danger of running an ssh server on the internet without security.

In short I would like to be able to login to another machine on my subnet without entering a password or fumbling with rsa keys. So passwordless, but not passwordless in the traditional sense.

To complicate the matter, I boot over the network, and the mechanism I am using to do so (Warewulf) does not easily allow me to add rsa keys to the root user.

So I am looking for a way to disable all ssh security through the sshd_config and ssh_config files.

Thanks.

Explanation / Answer

Assuming OpenSSH, you can (still, but not by default) use HostbasedAuthentication which is the same (fragile) scheme used by classic rsh/rhost before ssh was invented. Namely, if the client IPaddress maps to a hostname listed in a server system or user config file, the connection is accepted.

This relies on correct and available rDNS for your local/trusted machines, so unless you are a part of a meticulously administered enterprise network, this likely means either: running your own DNS server -- at minimum dnsmasq or similar -- which is authoritative for local and forwards non-local as needed -- which isn't needed if 'private subnet' means you don't connect out at all; or editting your local client machines into the hosts file on every server (at least) and keeping them up to date.

Related Questions

Navigate

• Browse (All)
• Browse S
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.