From owner-cvs-all  Fri Sep 25 02:53:42 1998
Return-Path: <owner-cvs-all>
Received: (from daemon@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id CAA05904
          for cvs-all-outgoing; Fri, 25 Sep 1998 02:53:42 -0700 (PDT)
          (envelope-from owner-cvs-all)
Received: from ifi.uio.no (ifi.uio.no [129.240.64.2])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id CAA05891
          for <committers@FreeBSD.ORG>; Fri, 25 Sep 1998 02:53:35 -0700 (PDT)
          (envelope-from dag-erli@ifi.uio.no)
Received: from hrotti.ifi.uio.no (2602@hrotti.ifi.uio.no [129.240.64.15])
	by ifi.uio.no (8.8.8/8.8.7/ifi0.2) with ESMTP id LAA04355;
	Fri, 25 Sep 1998 11:53:04 +0200 (MET DST)
Received: (from dag-erli@localhost) by hrotti.ifi.uio.no ; Fri, 25 Sep 1998 11:53:02 +0200 (MET DST)
Mime-Version: 1.0
To: Brian Somers <brian@Awfulhak.org>
Cc: Mark Murray <mark@grondar.za>,
        Nik Clayton <nik@nothing-going-on.demon.co.uk>, committers@FreeBSD.ORG
Subject: Re: Security and other facilities at WC CDROM - the plan.
References: <199809242335.AAA23344@woof.lan.awfulhak.org>
Organization: University of Oslo, Department of Informatics
X-url: http://www.stud.ifi.uio.no/~dag-erli/
X-other-addresses: 'finger dag-erli@ifi.uio.no' for a list
X-disclaimer-1: The views expressed in this article are mine alone, and do
X-disclaimer-2: not necessarily coincide with those of any organisation or
X-disclaimer-3: company with which I am or have been affiliated.
X-Stop-Spam: http://www.cauce.org/
From: dag-erli@ifi.uio.no (Dag-Erling C. =?iso-8859-1?Q?Sm=F8rgrav?= )
Date: 25 Sep 1998 11:52:58 +0200
In-Reply-To: Brian Somers's message of "Fri, 25 Sep 1998 00:35:12 +0100"
Message-ID: <xzpaf3objt1.fsf@hrotti.ifi.uio.no>
Lines: 15
X-Mailer: Gnus v5.5/Emacs 19.34
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by hub.freebsd.org id CAB05900
Sender: owner-cvs-all@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

Brian Somers <brian@Awfulhak.org> writes:
> If you do stuff from libalias'd machines, you must make your host key 
> on all machines behind the alias'er the same as the alias'ers and add 
> whatever *.freebsd.org sees as being the connecting machine to your 
> .shosts file.

Don't use .shosts, use key authentication. Although your key includes
a host name, ssh doesn't actually care if it's the one you're calling
from or not, so you can generate a key on one machine and carry it
around to others. Very useful if your home directory is shared between
several machines.

DES
-- 
Dag-Erling Smørgrav - dag-erli@ifi.uio.no