OpenSSH Host-based Authentication

# vi /etc/ssh/ssh_config
Host *
HostbasedAuthentication yes
EnableSSHKeysign yes

# vi /etc/ssh/sshd_config
HostbasedAuthentication yes

# cat /etc/ssh/shosts.equiv
h1
c1
192.168.1.100
192.168.1.101

# cat ssh_hosts
h1,192.168.1.100
c1,192.168.1.101
# ssh-keyscan -t rsa -f ssh_hosts > /etc/ssh/ssh_known_hosts

# systemctl restart sshd

這樣就可以用 host-based 認證了