Subject: sshd at anoncvs.netbsd.org broke?
To: None <current-users@netbsd.org>
From: gabriel rosenkoetter <gr@eclipsed.net>
List: current-users
Date: 06/27/2002 11:50:47

First off, hope it's not got ChallengeResponseAuthentication set to
"yes" (note that you have to *force* this to no!):

grappa:dist/ssh# telnet anoncvs.netbsd.org 22
Trying 204.152.184.161...
Connected to anoncvs.netbsd.org.
Escape character is '^]'.
SSH-1.99-OpenSSH_3.0.2 NetBSD_Secure_Shell-20011206

That aside, I'd kind of like to do a cvs update, but:

grappa:dist/ssh# cat CVS/Root
anoncvs@anoncvs.netbsd.org:/cvsroot
grappa:dist/ssh# echo $CVS_RSH
/usr/bin/ssh
grappa:dist/ssh# ssh -V
OpenSSH_3.2 NetBSD_Secure_Shell-20020422, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
grappa:dist/ssh# cvs update -dP
ssh_exchange_identification: Connection closed by remote host
cvs [update aborted]: end of file from server (consult above messages if any)

pserver works, but is obviously less desirable (especially for
things like src/crypto/dist/ssh, which is what I'm trying to update
in this example), since it's susceptible to mitm attacks.

What REALLY scares me about this is that I really doubt that
ChallengeResponseAuthentication is set to "no" on
anoncvs.netbsd.org, since it is, to all appearances, an otherwise-
default install. If that's the case, then what assurance does the
public have that these sources haven't been tampered with?

-- 
gabriel rosenkoetter
gr@eclipsed.net

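
Added example, not part of the original message: a small audit helper showing why an "otherwise-default install" leaves ChallengeResponseAuthentication on, since only an explicit, uncommented "no" that appears first in sshd_config forces it off. The function names and sample configs are hypothetical, and the "yes" default is taken from the message above.

```python
import re

# Added example. Assumption taken from the message above: when the keyword is
# absent, sshd behaves as if ChallengeResponseAuthentication were "yes".
ASSUMED_DEFAULT = "yes"
KEYWORD = "challengeresponseauthentication"

def effective_setting(config_text, keyword=KEYWORD, default=ASSUMED_DEFAULT):
    """Return (value, line_number) for keyword; line_number is None if defaulted.

    sshd_config rules applied: keywords are case-insensitive, '#' lines and
    blank lines are ignored, keyword and value are separated by whitespace
    or a single '=', and the FIRST occurrence of a keyword wins.
    """
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out "no" does not force anything
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if parts[0].lower() == keyword.lower():
            value = parts[1].strip().strip('"') if len(parts) > 1 else ""
            return value.lower(), lineno
    return default, None

def audit(config_text):
    """Classify a config as 'forced-off', 'explicit-on' or 'default-on'."""
    value, lineno = effective_setting(config_text)
    if lineno is None:
        return "default-on"
    return "forced-off" if value == "no" else "explicit-on"

# Constructed sample configs (not taken from any real host).
SAMPLE_DEFAULT_INSTALL = """\
Protocol 2,1
#ChallengeResponseAuthentication no
PasswordAuthentication yes
"""
SAMPLE_HARDENED = """\
Protocol 2,1
challengeresponseauthentication = no
ChallengeResponseAuthentication yes
"""

if __name__ == "__main__":
    for name, text in (("default", SAMPLE_DEFAULT_INSTALL), ("hardened", SAMPLE_HARDENED)):
        print(name, audit(text), effective_setting(text))
```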