--- Brooks Davis <[EMAIL PROTECTED]> wrote: > On Wed, Aug 09, 2006 at 12:17:35AM -0700, R. B. Riddick wrote: > These are valid if probably overly paranoid points. :) > Hmm... Oki Doke... But why use ssh, if u do not really care, if u connect to the right host? Maybe the postmen know telecom-men? ;-)
> > * But what if the postman (see first point) know already the host-key from > > reading the CD? Then he could log in to ur boxes... > > This isn't true. The host key lets you impersonate the host. It > does not do anything related to log in (unless you use host based > auth). > Ooch! I wrote something wrong. :-) Most likely I meant: If the postman knows the secret part of the host-key, his host could still pretend to be the real host... -Arne __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[EMAIL PROTECTED]"
