DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=33279>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=33279 [EMAIL PROTECTED] changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |WORKSFORME ------- Additional Comments From [EMAIL PROTECTED] 2005-01-28 19:54 ------- The trust attribute does mean you trust that the remote host is who it says it is. Otherwise you need to set the knownhosts attribute to a knownhosts file, where the remote hosts identity can be verified by comparing it's public key to a previously cached public key from the same host. When you first connect to a host via ssh, you are prompted to accept the remote hosts public key. Setting trust="true" means that you are accepting the remote hosts public key or you are skipping the comparison of the remote hosts key with a previously cached key from the remote host. The OpenSSH manpage says "This authentication method closes security holes due to IP spoofing, DNS spoofing and routing spoof-ing." However, regardless of how you choose to verify that the remote host is who you think it is, the remote host does not trust that you are who you say you are, unless you provide the right password or key+passphrase. There are bassically two authentications that take place. 1) You authenticate the remote hosts via knownhosts and public key, to be sure that you are connecting to the machine that you think you are connecting to. (disabled by setting trust="true") 2) The remote host authenticates you via password or key+passphrase. I hope this helps clear things up. -Rob A -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
