Download OpenSSH through secure channel?

Ángel González keisial at gmail.com
Mon Oct 13 02:53:58 EST 2014


On 12/10/14 17:11, Ren Siyuan wrote:
> How do I trust the key then?

Travel to where they live, arrange a meeting where they can give
you the fingerprint of his gpg key (this way you).
Note they should also show you some id documents to verify that
you really are in front of the person you think you are (although
the name isn't that important, it's the fact that it's a openssh
developer that matters).

Or you can attempt to use the web-of-trust trying to know someone
who has signed the key of someone who has signed the key of one of
them…



More information about the openssh-unix-dev mailing list