Subject: install/21627: ssh fingerprints for cvs servers needed
To: None <gnats-bugs@gnats.netbsd.org>
From: None <smb@research.att.com>
List: netbsd-bugs
Date: 05/20/2003 09:11:45
>Number: 21627
>Category: install
>Synopsis: ssh fingerprints for cvs servers needed
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: install-manager
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Tue May 20 13:14:00 UTC 2003
>Closed-Date:
>Last-Modified:
>Originator: Steven M. Bellovin
>Release: NetBSD 1.6.1_RC2
>Organization:
AT&T Labs Research
>Environment:
System: NetBSD berkshire.research.att.com 1.6.1_RC2 NetBSD 1.6.1_RC2 (BERKSHIRE.nosound) #9: Tue Mar 4 09:42:32 EST 2003 smb@berkshire.research.att.com:/usr/src/sys/arch/i386/compile/BERKSHIRE.nosound i386
Architecture: i386
Machine: i386
>Description:
We need to publish the ssh fingerprints of all of our CVS
servers. Someone connecting has no way to verify that they're
reaching the right server. I suggest that the file be on
the NetBSD web site (linked-to from everywhere that talks about
anonymous CVS over ssh), *plus* on all distribution CDs, which
means that they should be in the installation sets.
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted: