Subject: sshd at anoncvs.netbsd.org broke?
To: None <firstname.lastname@example.org>
From: gabriel rosenkoetter <email@example.com>
Date: 06/27/2002 11:50:47
Content-Type: text/plain; charset=us-ascii
First off, hope it's not got ChallengeResponseAuthentication set to
"yes" (note that you have to *force* this to no!):
grappa:dist/ssh# telnet anoncvs.netbsd.org 22
Connected to anoncvs.netbsd.org.
Escape character is '^]'.
That aside, I'd kind of like to do a cvs update, but:
grappa:dist/ssh# cat CVS/Root
grappa:dist/ssh# echo $CVS_RSH
grappa:dist/ssh# ssh -V
OpenSSH_3.2 NetBSD_Secure_Shell-20020422, SSH protocols 1.5/2.0, OpenSSL 0x=
grappa:dist/ssh# cvs update -dP
ssh_exchange_identification: Connection closed by remote host
cvs [update aborted]: end of file from server (consult above messages if an=
pserver works, but is obviously less desirable (especially for
things like src/crypto/dist/ssh, which is what I'm trying to update
in this example), since it's susceptible to mitm attacks.
What REALLY scares me about this is that I really doubt that
ChallengeResponseAuthentication is set to "no" on
anoncvs.netbsd.org, since it is, to all appearances, an otherwise-
default install. If that's the case, then what assurance does the
public have that these sources haven't been tampered with?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (NetBSD)
-----END PGP SIGNATURE-----