Re: [tlug] SSH Issues

["Stephen J. Turnbull" <stephen@example.com>]

Curt Sampson writes:

 > To be precise, he's not "running an authenticated server"; he, just like
 > the bad guy attacking you, is merely running a server. It's you that's
 > doing the authentication (or not, as the case may be).

Authentication is a cooperative act.  He has to do more than "just"
run a server, either he has to provide a CA-signed certificate or he
has to communicate with me.  AFAIK it is correct usage to say that the
server "authenticates its transmissions" by providing credentials
(even if I don't verify them) as well as to say that I "authenticate
the server" by verifying the credentials.  No?

 > On 2008-11-25 18:50 +0900 (Tue), Edward Middleton wrote:
 > 
 > > Obviously non-authenticated connection provides some utility in your
 > > situation but it is to security what a sheet of newspaper is to
 > > shelter.
 > 
 > I rather like that way of putting it.

I do too.  I've often rested on a bench with a newpaper over my face
as shelter from the sun.  You should try it sometime.  ;-)