From owner-freebsd-security  Mon Dec 18 11:41:52 2000
From owner-freebsd-security@FreeBSD.ORG  Mon Dec 18 11:41:49 2000
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mail.rpi.edu (mail.rpi.edu [128.113.100.7])
	by hub.freebsd.org (Postfix) with ESMTP id 8185937B400
	for <freebsd-security@FreeBSD.ORG>; Mon, 18 Dec 2000 11:41:48 -0800 (PST)
Received: from [128.113.24.47] (gilead.acs.rpi.edu [128.113.24.47])
	by mail.rpi.edu (8.9.3/8.9.3) with ESMTP id OAA43716;
	Mon, 18 Dec 2000 14:41:38 -0500
Mime-Version: 1.0
X-Sender: drosih@mail.rpi.edu
Message-Id: <p04330105b664186fb45b@[128.113.24.47]>
In-Reply-To: <20001218112434.C19572@fw.wintelcom.net>
References: 
 <Pine.BSF.4.21.0012172347240.48779-100000@security1.noc.flyingcroc.net>
 <20001218133716.A550@cg22413-a.adubn1.nj.home.com>
 <20001218104954.B19572@fw.wintelcom.net>
 <005a01c06924$77186340$ca00030a@seifried.org>
 <20001218112434.C19572@fw.wintelcom.net>
Date: Mon, 18 Dec 2000 14:41:35 -0500
To: Alfred Perlstein <bright@wintelcom.net>,
	Kurt Seifried <seifried@securityportal.com>
From: Garance A Drosihn <drosih@rpi.edu>
Subject: Re: woah
Cc: Moses Backman III <penguinjedi@home.com>,
	Todd Backman <todd@flyingcroc.net>, freebsd-security@FreeBSD.ORG
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 11:24 AM -0800 12/18/00, Alfred Perlstein wrote:
>In a perfect world, you have your admin send you a pgp signed
>message with the server public key in it.  When you initially
>authenticate, you sure as hell make sure it matches.
>
>Not that difficult.

Not for those of you living in a perfect world.  In our (RPI)
world, we have a few thousand users, most of whom are not
doing anything with PGP.  Most of them do not really understand
that warning message, and the situation is not helped because
we (the administrators of a few hundred unix machines) do not
do a good job of keeping the ssh host-key constant.

Some of these issues are just tough to deal with in an
imperfect world...
-- 
Garance Alistair Drosehn            =   gad@eclipse.acs.rpi.edu
Senior Systems Programmer           or  gad@freebsd.org
Rensselaer Polytechnic Institute    or  drosih@rpi.edu


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message