On Fri, 23 Oct 2020, Jan Bergner wrote:

> Hello Damien, Brian and all,
>
> thanks for the suggestions. I actually had not considered host-based
> authentication and looked it up.
> As I understand from my first quick reading, I would need to specify the
> clients which are allowed to use host-based auth on the server with a DNS name
> or an IP, which would not work for a client behind a CG NAT or in a cellular
> network.
> Or did I get this wrong?

You can use the sshd_config HostbasedUsesNameFromPacketOnly option to turn
off the DNS checking in host-based authentication and rely only on the
correct key being presented (matching one in /etc/ssh/known_hosts).

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
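The settings the reply above refers to, as an added configuration example that is not part of the original message: with HostbasedUsesNameFromPacketOnly enabled, sshd matches the host name the client sends instead of a name resolved from the connection's address, so the client's host key is the only thing that identifies it. The host names and the key placeholder are constructed; /etc/ssh/shosts.equiv and /etc/ssh/ssh_known_hosts are OpenSSH's default system-wide file locations.

```conf
# --- /etc/ssh/sshd_config on the server (fragment) ---
HostbasedAuthentication yes
# Use the host name supplied by the client in the authentication request
# rather than a reverse lookup of the TCP peer address (default: no).
HostbasedUsesNameFromPacketOnly yes
# Ignore per-user ~/.rhosts and ~/.shosts, so only the system-wide
# /etc/hosts.equiv and /etc/ssh/shosts.equiv decide which hosts are allowed.
IgnoreRhosts yes
# Ignore per-user ~/.ssh/known_hosts, so only the system-wide
# known hosts file decides which client host keys are accepted.
IgnoreUserKnownHosts yes

# --- /etc/ssh/shosts.equiv on the server ---
# One allowed client host name per line (constructed name; it must be
# the name the client reports for itself).
roaming-client.example.org

# --- /etc/ssh/ssh_known_hosts on the server ---
# The client's public host key under the same name (placeholder key).
roaming-client.example.org ssh-ed25519 <CLIENT_HOST_PUBLIC_KEY_BASE64>

# --- /etc/ssh/ssh_config on the client (fragment) ---
# EnableSSHKeysign belongs in the global section, before any Host block.
EnableSSHKeysign yes
Host server.example.org
    HostbasedAuthentication yes
```

Because the claimed name is no longer cross-checked against DNS, the allow list is only as strong as the protection of the client's private host key, and every account on that client is covered by the same trust.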