[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: anoncvs ssh keys?

To: Misc OpenBSD <misc@openbsd.org>
Subject: Re: anoncvs ssh keys?
From: Josh Jore <josh@greentechnologist.org>
Date: Sun, 1 Sep 2002 09:38:51 -0500 (CDT)

Chris Humphries writes:
>Christian Weisgerber writes:
> > Josh Jore <josh@greentechnologist.org> wrote:
> > > I was wondering - is there any place where the OpenBSD cvs servers'
> > > ssh keys are kept?
> > No.
> > And if you worry about this, I suggest you first worry about those
> > servers authenticating their respective upstream servers.
> we're just supposed to trust. that is all you can do.

That's too bad. While I'm forced to trust that the various servers are
maintained correctly it's a pain having to take that initial fingerprint
for granted. As I was agreeing to use that key I was also mindful of
whatever that trojan thing was earlier this month. While (again) I'd have
to trust the ssh keys wherever they were kept it would (I trust, again) be
more difficult for someone hostile to get that other server as well.

Oh well. I just thought that perhaps it was already out there and I just
didn't notice it. (except for just doing a scan-ssh and keeping the
fingerprints myself)

Joshua b. Jore -{ weird geeky madness }-> http://www.greentechnologist.org

Follow-Ups:
- Re: anoncvs ssh keys?
  - From: Josh Jore <josh@greentechnologist.org>

Prev by Date: Re: how to repeat a last command
Next by Date: How to enable colors when connecting remotly to a box
Prev by thread: Re: anoncvs ssh keys?
Next by thread: Re: anoncvs ssh keys?
Index(es):
- Date
- Thread