Re: ssh based access?

From: Perry E. Metzger <perry_at_wasabisystems.com>
Date: 2002-04-16 02:19:06 CEST

Brian Behlendorf <brian@collab.net> writes:
> On 15 Apr 2002, Perry E. Metzger wrote:
> > Certs are evil. SSH doesn't require them -- it just uses naked public
> > keys -- which is one reason people like it so much.
>
> I'm a bit confused - what's the difference between:

No certificates, just keys. No certs means no CAs. You can add access
to a machine by editing an authorized_keys file.

> There is a really good reason to not need SSH anymore - no more need for
> developer login accounts on repository boxes.

We have ways of doing that without eliminating ssh.

The real problem is that Apache is very large. It has to be to do all
that it does, but that means that it is hard to secure it because you
can't audit all the relevant code. Big is bad in security.

--
Perry E. Metzger		perry@wasabisystems.com
--
NetBSD: The right OS for your embedded design. http://www.wasabisystems.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Received on Tue Apr 16 02:20:07 2002

This message: [ Message body ]
Next message: Brian Behlendorf: "Re: ssh based access?"
Previous message: Greg Hudson: "Re: ssh based access?"
In reply to: Brian Behlendorf: "Re: ssh based access?"
Next in thread: Brian Behlendorf: "Re: ssh based access?"
Reply: Brian Behlendorf: "Re: ssh based access?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]