[Asterisk-Users] asterisk@home scary log

Tzafrir Cohen tzafrir at cohens.org.il
Fri Feb 11 03:21:45 MST 2005


On Thu, Feb 10, 2005 at 01:30:03PM -0600, Steven Critchfield wrote:

> If you are going to rely on keys, you need to have both directions
> identified. Nothing like sending a valid key to a man-in-the-middle. 

That's indeed one atvantage of keys over passwords. Even if the server
is compromised, your secret keys are safe. The server only needs to know
your public keys, and some proofs that you have the matching private key
(using it to sign some random data the server sends).

Anyway, with ssh you'll normally be notified of a spoofed host, because
the host key won't match. A decent ssh client won't let you to connect
or will give you a very nasty warning. Unless it is the first time you
connect from that host/account to the server.

sshophilicly yours

-- 
Tzafrir Cohen         | New signature for new address and  |  VIM is
http://tzafrir.org.il | new homepage                       | a Mutt's  
tzafrir at cohens.org.il |                                    |  best
ICQ# 16849755         | Space reserved for other protocols | friend



More information about the asterisk-users mailing list