Host-based authentication. This
method allows you to avoid specifying any secret information about the SSH
client. Host-based authentication method trusts the relationships between
hosts and does not require you to prove your identity.
The SSH server host authenticates by verifying the following:
The identity of the client host using the client's host public
key file, which the system manager maintains in the known hosts
database. The directory [TCPIP$SSH.SSH2.KNOWNHOSTS] contains public
keys for all client hosts that use the host-based authentication method to
connect to the server.
That the client host belongs to the trusted hosts list,
which the system manager maintains on the server. This list of trusted hosts
enables you to log in to the server without proving your identity.
Optionally, you can restrict users to only certain user names
on the client host.
If any of these authentication checks fail, the connection is refused.
An advantage of this method is that it does not require the client to type
a password or passphrases or to generate, distribute, and maintain keys. This
is convenient for batch processing. One disadvantage, however, is a reliance
on the identification of the host.
This method requires that the server manager maintain two pieces of
The known hosts database, which contains the public key files
of remote hosts.
A trusted hosts file, which lists the trusted hosts (and,
optionally, the user names).