On Mon, Mar 13, 2000 at 07:52:04PM -0500, Phillip Rulon wrote:
> Will we also be putting OpenSSH on there? That's what we've got on
> subversions, and it would be nice to have a standard. When I looked this
> weekend, the lsh pages also said that the current versions should not be
> expected to provide any security.
> IMO, the standard ought to be Kerberos (|Heimdal). [ls]sh just encrypts,
> it doesn't do the authentication the way Kerberos does. I'm not wild
> about having 47 different ways to get into these machines. I don't want
> to sound like a BOFH but it is easier to manage 1 or 2 methods than
> many.
The best way to set up OpenSSH to get it close to the Kerberos
authentication reliability is to require that people send `identity.pub'
- That way the client's RSA key has to match. There's no forwarding and
such, though.
--
There is no sin except stupidity.
- Oscar Wilde