
Re: cvs security - ssh vs pserver?



* Eric G. Miller <egm2@jps.net> [2001.11.27 19:41:23-0800]:
> Don't you mean the *public* key?  In fact, don't you want
> the server to have the public key of the user, and then that
> user has to use their private key and their passphrase to
> authenticate themselves to the CVS server via ssh?  I'm on
> the user end of such a setup, and I don't have any key for
> the server but it does have my public key.  Use ssh-agent
> to manage authentication/passphrase...

that's a good point. you can either generate a keypair on the server
and distribute the private key to multiple people, or you can create a
keypair per user and add all those public keys to authorized_keys(2).
there is no question that the second method is better. in fact, the
first one SUCKS and should not be used. with the second method, you
have more administrative overhead, but you can also just simply take
privileges away from a single user without anyone else having to worry
or change passwords or get a new identity or this or that.

-- 
martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck
  
stay the patient course.
of little worth is your ire.
the network is down.
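
The per-user-key setup recommended in this message, as an added example that is not part of the original post: shell helpers that keep one public key per developer in a shared account's authorized_keys and revoke a single developer by key blob rather than by the free-text comment. The function names, file path and key blobs are constructed for illustration, and key-type tokens are assumed to start with `ssh-` or `ecdsa-`.

```shell
#!/bin/sh
# Added example. Paths and key blobs are constructed placeholders.

# Print the base64 blob of an authorized_keys line: the field right after
# the key-type token, so a leading options field (e.g. no-pty) is skipped.
key_blob() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-|ecdsa-)/) { print $(i + 1); exit } }'
}

# Succeed if FILE already holds a line carrying BLOB.
has_blob() {   # usage: has_blob FILE BLOB
    awk -v b="$2" '{
        for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-|ecdsa-)/ && $(i + 1) == b) found = 1 }
        END { exit !found }' "$1"
}

# Append one developer's public key unless that key is already listed.
add_user_key() {   # usage: add_user_key FILE "type blob comment"
    file=$1; blob=$(key_blob "$2")
    [ -n "$blob" ] || return 2
    if [ -f "$file" ] && has_blob "$file" "$blob"; then return 0; fi
    ( umask 077; printf '%s\n' "$2" >> "$file" )
}

# Remove exactly one developer's key; every other line is left untouched.
# Returns 0 if removed, 1 if the key was not present, 2 on bad input.
revoke_user_key() {   # usage: revoke_user_key FILE "type blob [comment]"
    file=$1; blob=$(key_blob "$2")
    [ -n "$blob" ] && [ -f "$file" ] || return 2
    has_blob "$file" "$blob" || return 1
    tmp=$(mktemp "$file.XXXXXX") || return 2   # created with mode 0600
    awk -v b="$blob" '{
        for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-|ecdsa-)/ && $(i + 1) == b) next
        print }' "$file" > "$tmp" && mv "$tmp" "$file"
}

# Demo on constructed keys: two developers added, one revoked.
demo() {
    f=$(mktemp -d)/authorized_keys
    add_user_key "$f" "ssh-ed25519 AAAAC3ExampleBlobAlice alice@example"
    add_user_key "$f" "ssh-ed25519 AAAAC3ExampleBlobBob bob@example"
    revoke_user_key "$f" "ssh-ed25519 AAAAC3ExampleBlobBob"
    cat "$f"   # only alice's line remains
}
demo
```

Matching on the key blob means a developer cannot dodge revocation by choosing a misleading comment, and nobody else on the account has to replace anything.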
