[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Q: RSA Authentication vs. Password Authentication in SSH

>>>>> "kmself" == kmself  <kmself@ix.netcom.com> writes:

    kmself> Ok.  So, to ensure key integrity, I do what?

This is something (IMHO) ssh doesn't address satisfactory (Also I
often wonder why ssh needs to use a new key format of its own, rather
then reuse keys generated, say by gpg, where a web of trust can
exist).

There are some options:

- copy file via ssh using password authentication (this is the method
I usually use).

- ring up the administrator (how does he know that he is talking to
the right person?) and compare the fingerprints of the keys, before he
installs your key. A face to face meeting is generally considered even
more secure, where you can produce some photo-ID card to proof your
identity.

- send key that has been signed by PGP/GnuPG.

- probably lots of others that I may have missed.
-- 
Brian May <bam@debian.org>
Reply to: