Re: Openssh 3.9p1

From: Greg Norris (haphazard_at_kc.rr.com)
Date: 08/21/04

  • Next message: k l: "starting remote server(s) with ssh"
    Date: Sat, 21 Aug 2004 08:50:54 -0500
    To: Troy.Wilson@chi.frb.org
    
    

    That's actually a successful verification, as indicated by the "Good
    signature from" line. The problem is in the web-of-trust... Damien's
    key isn't signed by any trusted keys present in your keyring. What I
    normally do in this situation, assuming I'm confident of the key's
    legitimacy, is to add a non-exportable signature.

       gpg --lsign-key 86FF9C48

    On Fri, Aug 20, 2004 at 11:47:48AM -0500, Troy.Wilson@chi.frb.org wrote:
    > Has anyone else warning for signature verification. I might be doing
    > something wrong, but it seems like the archive was not signed using the
    > public key. Here what I did:
    > I download the file DJM-GPG-KEY.asc and did a gpg --import to import the
    > public key.
    > I then did a gpg --verify openssh-3.9p1.tar.gz.sig openssh-3.9p1.tar.gz
    > I get the following output:
    >
    > # gpg --verify openssh-3.9p1.tar.gz.sig openssh-3.9p1.tar.gz
    > gpg: Signature made Tue Aug 17 07:55:13 2004 CDT using DSA key ID 86FF9C48
    > gpg: Good signature from "Damien Miller (Personal Key) <djm@mindrot.org>"
    > gpg: WARNING: This key is not certified with a trusted signature!
    > gpg: There is no indication that the signature belongs to the
    > owner.
    > Primary key fingerprint: 3981 992A 1523 ABA0 79DB FC66 CE8E CB03 86FF
    > 9C48
    >
    >
    >
    >
    > Troy Wilson
    > Technology Group
    > Systems Administrator
    > 312-322-5606


  • Next message: k l: "starting remote server(s) with ssh"