git: SSHD - Change default security

Simon 'corecode' Schubert corecode at fs.ei.tum.de
Sun Nov 15 11:28:19 PST 2009


justin at shiningsilence.com wrote:
    * Do not allow any login, root or otherwise, via tunneled plaintext
password (previously: non-root logins were allowed via plaintext password).
This means that people won't be able to ssh into a new DragonFly system
until keys for any given account have been created, correct?
Would it be worth changing the new user creation process to autocreate
keys too?  I'm trying to think of ways to reduce the (admittedly already
small) administrative overhead from this.
I think not allowing password-based logins will confuse a lot of people. 
 I don't think that even OpenBSD does this.

Maybe we should allow users to easily

1. enable OPIE (one time passwords) and
2. disable passwords for ssh
but best not make this a default.

cheers
  simon




More information about the Commits mailing list