https://bugzilla.novell.com/show_bug.cgi?id=671820
https://bugzilla.novell.com/show_bug.cgi?id=671820#c6
--- Comment #6 from Gilles Sabourin
From a security point of view, this new behavior is much more secure because it does not allow abuse of HostbasedAuthentication, which should be reserved only for system accounts. The former operation allowed unlimited access between 2 trusted hosts to ANY user account. But computer security has 2 components (human and machine) and can't rely solely on the machine: there is no security (no access control) where you allow everyone to go.
But this substantial semantic change should have been at least:
- documented in the openssh changelog or on the openssh web site, and
- well tested, so that this kind of "workaround" should simply not have been possible.

Now you should contact an openssh developer to confirm that this is the intended operation for openssh > 5.6. If this is the case, then this bug report can be turned against openssh documentation and you can open a new bug report for the security leak.