[EMAIL PROTECTED] on 05/31/2000 03:22:06 AM >I don't understand this discussion. checking usernames doesn't make anything more secure. what needed >is the integration of managed Public Key Infrastructure software into SSH. I disagree. SSH will be more secure against those not knowing how to spoof usernames and against those giving their keys away if it can limit the use of keys only to specific users. I understand that this may not buy much in a very insecure environment, but, it may be enough in some environments. The same can be said of limiting key use by client hostname. Looking at it from another view, will such a patch /decrease/ SSH security? I don't think it will, but it's possible I'm wrong. If I am, noone has yet pointed out how/why it would be less secure. And, if someone does, their arguments must not be valid for limiting key use by hostname. I don't know much about PKI so I won't comment on it. Noel This communication is for informational purposes only. It is not intended as an offer or solicitation for the purchase or sale of any financial instrument or as an official confirmation of any transaction. All market prices, data and other information are not warranted as to completeness or accuracy and are subject to change without notice. Any comments or statements made herein do not necessarily reflect those of J.P. Morgan & Co. Incorporated, its subsidiaries and affiliates.
