This was fixed upstream in OpenSSH 6.8, which is in Ubuntu 15.10 and newer:
https://anongit.mindrot.org/openssh.git/commit/?id=1195f4cb07ef4b0405c839293c38600b3e9bdb46 ** Changed in: openssh (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1389167 Title: HostbasedAuthentication produces spurious warnings Status in openssh package in Ubuntu: Fix Released Bug description: Ubuntu 14.04.1 LTS openssh-client 1:6.6p1-2ubuntu2 We have HostbasedAuthentication set up in our environment so that users can ssh between equivalent hosts without a password. ssh_config contains (relevantly) HostbasedAuthentication yes PreferredAuthentications publickey,hostbased,password,keyboard-interactive EnableSSHKeysign yes sshd_config contains (relevantly) HostbasedAuthentication yes This works: ocelot:~$ ssh othermc othermc:~$ However, ssh-ing as an alternative user produces additional warning messages before the expected password prompt: ocelot:~$ ssh otheruser@othermc no matching hostkey found ssh_keysign: no reply key_sign failed otheruser@othermc's password: If instead of relying on EnableSSHKeysign in ssh_config I make the ssh binary setuid: chmod u+s /usr/bin/ssh ...the extra warnings go away and I get what I expect: ocelot:~$ ssh otheruser@othermc otheruser@othermc's password: This makes me suspect that there may be a problem with ssh-keysign. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1389167/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
