[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: gEDA-user: polygon regression in pcb+gl

Peter Clifton:
...
> generate, and setup .ssh/config with these lines:
> 
> """
> Host git.gpleda.org
> 
>     Port 5022
>     RSAAuthentication yes
>     IdentityFile ~/.ssh/keys/id_rsa.gpleda.org
> """
...

Don't you know that protocol version 1 i vulnerable for a
man-in-the-middle attack?

$ man ssh_config | grep -A 5 '\bRSAAuthentication$'
     RSAAuthentication
             Specifies whether to try RSA authentication.  The argument to
             this keyword must be ``yes'' or ``no''.  RSA authentication will
             only be attempted if the identity file exists, or an authentica-
             tion agent is running.  The default is ``yes''.  Note that this
             option applies to protocol version 1 only.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1473

Regards,
/Karl Hammar

-----------------------------------------------------------------------
Aspö Data
Lilla Aspö 148
S-742 94 Östhammar
Sweden
+46 173 140 57




_______________________________________________
geda-user mailing list
geda-user@xxxxxxxxxxxxxx
http://www.seul.org/cgi-bin/mailman/listinfo/geda-user