Proposal Details

RFC 4252 Section 9 provides for "hostbased" authentication based on the private host key of the client. Currently the ssh implementation does not support this method.

I propose either the addition of this method, or allowing the implementation of the AuthMethod interface by clients. The former would strengthen compliance of the RFC as the authentication method is indeed deemed OPTIONAL. The latter option would allow for customize-ability by consumers of the package (at their own peril, of course).

To my naive eyes, the message format for "hostbased" per the RFC is not too dissimilar to standard private key based authentication. Given the security concerns expressed towards the end of section 9, it may be desirable to mark this method insecure.

My particular use case involves connecting to machines within a well guarded internal network where host-based auth is the expected standard.

I am open to contribute time/code to the implementation of this.