[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: ssh based access?

From: Perry E. Metzger <perry_at_wasabisystems.com>
Date: 2002-04-16 02:19:06 CEST

Brian Behlendorf <brian@collab.net> writes:
> On 15 Apr 2002, Perry E. Metzger wrote:
> > Certs are evil. SSH doesn't require them -- it just uses naked public
> > keys -- which is one reason people like it so much.
> I'm a bit confused - what's the difference between:

No certificates, just keys. No certs means no CAs. You can add access
to a machine by editing an authorized_keys file.

> There is a really good reason to not need SSH anymore - no more need for
> developer login accounts on repository boxes.

We have ways of doing that without eliminating ssh.

The real problem is that Apache is very large. It has to be to do all
that it does, but that means that it is hard to secure it because you
can't audit all the relevant code. Big is bad in security.

Perry E. Metzger		perry@wasabisystems.com
NetBSD: The right OS for your embedded design. http://www.wasabisystems.com/
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Apr 16 02:20:07 2002

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.