Re: ssh based access?

On 15 Apr 2002, Perry E. Metzger wrote:
> Certs are evil. SSH doesn't require them -- it just uses naked public
> keys -- which is one reason people like it so much.

I'm a bit confused - what's the difference between:

[yez] 5:06pm ~ > ssh jakarta.apache.org
The authenticity of host 'jakarta.apache.org (63.251.56.142)' can't be established.
RSA1 key fingerprint is 25:f9:65:99:be:4a:2d:50:61:24:7c:24:11:ca:6a:b8.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'jakarta.apache.org' (RSA1) to the list of known hosts.
brian@jakarta.apache.org's password:

and (not a real example)

[yez] 5:06pm ~ > svn checkout https://jakarta.apache.org/repos/
The authenticity of host 'jakarta.apache.org (63.251.56.142)' can't be established.
Unsigned server cert CN is "*.apache.org"
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently adding unverified server certificate for "*.apache.org"
password:

[etc]

Either your public keys are certified by a CA somewhere, or they aren't.
My understanding of all these issues may be imperfect, though.

There is a really good reason to not need SSH anymore - no more need for
developer login accounts on repository boxes.

        Brian

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Apr 16 02:10:25 2002