Last I heard RMS wasn't to keen on OpenSSH. I don't think he said no, but
this came up some time ago and I think we decided to stick with Kerberos
and opie until lsh was ready. I forget the detail, a patent or something.
My understanding is that the GNU project can't use openssh until the
RSA patent expires.
IMO, the standard ought to be Kerberos (|Heimdal). [ls]sh just encrypts,
it doesn't do the authentication the way Kerberos does. I'm not wild
about having 47 different ways to get into these machines. I don't want
to sound like a BOFH but it is easier to manage 1 or 2 methods than
many.
If you have something that supports password authentication, you can
have it check the password by getting kerberos tickets. However, that
doesn't provide any mechanism for verifying that you're talking to the
real server and not some imposter.
When you use kerberos, the kdc sends a ticket to your workstation that
is encrypted in your password. The only thing your password is used
for when you type it in is to decrypt the message from the kdc. So if
you are dealing with a man in the middle attack, kerberos will just
fail to let you send your password to the imposter.
ssh has a mechanism to prevent man in the middle attacks after the
first time you connect, which is to save the public key of the server.
