ant-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 33279] - SSH2 Password Authentication is broken
Date Fri, 28 Jan 2005 18:54:38 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=33279>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=33279


riznob@hotmail.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |WORKSFORME




------- Additional Comments From riznob@hotmail.com  2005-01-28 19:54 -------
The trust attribute does mean you trust that the remote host is who it says it 
is. Otherwise you need to set the knownhosts attribute to a knownhosts file, 
where the remote hosts identity can be verified by comparing it's public key to 
a previously cached public key from the same host. When you first connect to a 
host via ssh, you are prompted to accept the remote hosts public key. Setting 
trust="true" means that you are accepting the remote hosts public key or you 
are skipping the comparison of the remote hosts key with a previously cached 
key from the remote host. The OpenSSH manpage says
     "This authentication method closes security holes due to IP spoofing,
      DNS spoofing and routing spoof-ing."
However, regardless of how you choose to verify that the remote host is who you 
think it is, the remote host does not trust that you are who you say you are, 
unless you provide the right password or key+passphrase. There are bassically 
two authentications that take place.
1) You authenticate the remote hosts via knownhosts and public key, to be sure 
that you are connecting to the machine that you think you are connecting to. 
(disabled by setting trust="true")
2) The remote host authenticates you via password or key+passphrase.

I hope this helps clear things up.

-Rob A

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ant.apache.org
For additional commands, e-mail: dev-help@ant.apache.org


Mime
View raw message