Re: hosts based open ssh authentication

[Gary Dale <garydale@torfree.net>]

On 01/11/14 05:50 PM, Bhasker C V wrote:
> Hi all
>
>   I have a system in a cluster (experimental) and there are a lot of
> debian machines which depend on this system and must be able to ssh into
> this system
>
> I wanted password-less authentication and looked on the internet.
> Almost all the examples and help shown involves setting up
> ssh_known_hosts which I am trying to avoid (cumbersome in a large
> network where we dont know who will need access).
>
> Anyone got this working just plain without adding known hosts ? I do not
> want to add each and every host to ssh_known_host. Essentially I want to
> have an open access to one of the servers via ssh.
>
> I tried running sshd as root and adding
>
> auth sufficient pam_rootok.so
>
> to pam ssh and login
> but that did not help.
>
> Thanks
>
> Bhasker C V

Trying hard to understand what you want but failing. It almost sounds 
like you want anyone to be able to connect ("don't know who will need 
access" "want to have open to one of the servers") from anywhere (I do 
want to add each and every host to ssh_known_host). Which begs the 
question why use any kind of security?

However, if you want to protect the network traffic, have you tried to 
use ssl/tls and close down the unencrypted access?