Re: CVS security

[horio shoichi]

Mitch Davis wrote: > > horio shoichi wrote: > > > > For ssh, users are authenticated with only RSA (i.e., no password), > > Much as I hate being a terminology twerp (and possibly an > incorrect one), RSA is encryption, not authentication. The > authentication is done using the RSA encryption of a random > number. > Thanks for your pointing out. I meant RSAAuthentication of ssh/sshd parameters but no other. Man ssh; man sshd. > > sshd is run from inetd with option -iq. I am not planning to allow > > any port forwarding. The users are allowed to, other than cvs tree, > > modify their own authorized_keys files directly (in other words, it's > > hard to stop this, due to the nature of ssh). > > If you compile your own sshd, which does NOT look in $HOME/.ssh No, I don't need compile myself (actually I did, though). > but in some system-controlled place, you will have fixed this What problem ? Since sshd is chrooted, $HOME should be in the same chrooted space. Why do you think recompiling that weird way is necessary ? > problem. The other part of the puzzle is how they contribute What puzzle ? What do -they- mean ? What contributes (?) public key ? I don't see what you are talking. > their public key, and I would suggest setting up a web form > similar to how you can submit a public key to SourceForge.net. Since identity.pub, hence authorized_keys, do not belong to me, I think I should not follow your suggestion. But anyway thanks. horio shoichi > Regards, > > Mitch. > -- > | mailto:[EMAIL PROTECTED] | Not the official view of: | > | mailto:[EMAIL PROTECTED] | Australian Calculator Opn | > | Certified Linux Evangelist! | Hewlett Packard Australia |