Re: hostbased auth between commercial and OpenSSH

From: Richard E. Silverman (
Date: 12/24/02

From: (Richard E. Silverman)
Date: 24 Dec 2002 06:02:24 -0800

Just to elaborate a bit...

> > You realize that this is irrelevant to hostbased authentication...
> Obviously not if I thought it important enough to include it in my
> response. Thanks for the tip.

The tone of *your* response ("obviously") suggests you think my comment
was somehow unnecessary or sarcastic. If you answered as many questions
as I do on the topic, you would realize that this is *not* obvious; people
often include irrelevant information and know it's irrelevant. By asking,
I remove the need for yet another round-trip in the conversation.

> > > and myclienthost's host key has been accepted as a known host.
> >
> > Why do you think you know this?

Perhaps you think this is sarcastic. It isn't; it means exactly what it
says: I want to know why you think this. By telling me your reasoning
behind drawing this conclusion, I may be able to help you. Just saying
"it has been accepted" does not give me enough information to help at all,
since I have no idea if you're right or not. People often include
their assumptions or misinterpretations as if they were facts, without
support; this does not help.

> > You do realize you need to convert the format of the host keys involved,
> > since OpenSSH and SSH2 use different on-disk key formats?

This is phrased as a question, with "You do realize...", since you didn't
say anything about this issue in your post. Perhaps you do know about it,
and dealt with the issue but didn't say anything about it -- or perhaps
you don't know about it at all.


- Richard Silverman