Hostbased SSH: A Better Alternative
Almost all SSH users are familiar with two modes of authentication over SSH: passwords and SSH keys. SSH supports another method that seems to be less well known: hostbased, which allows for users to ssh securely between cooperating hosts without providing a credential. It’s called hostbased because the client (source) host authenticates itself to the remote host, and the remote host then trusts the client to identify the user. The term “hostbased” is often employed to describe use of hostname or IP-address access control lists. That’s not what I’m talking about, so please keep reading.