Integrity protection of fetches
Till Maas
opensource at till.name
Fri Aug 6 07:16:39 UTC 2010
On Thu, Aug 05, 2010 at 04:32:36PM -0500, Mike McGrath wrote:
> On Thu, 5 Aug 2010, Till Maas wrote:
> > Yes ssh is secure if used properly. To get the proper known_hosts entry,
> > one has to download https://admin.fedoraproject.org/ssh_known_hosts btw.
> >
>
> We also use SSHFP records for those of you that want to enable
> VerifyHostKeyDNS yes in their ~/.ssh/config files. Not all of our hosts
> have it but many of our 'user' based external hosts do (pkgs,
> fedorapeople, fedorahosted, etc)
Afaik the SSHFP records are not protected against tampering by an MITM
attacker.
Regards
Till
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20100806/b4f7f37e/attachment.bin
More information about the devel
mailing list