git: SSHD - Change default security

Matthew Dillon dillon at apollo.backplane.com
Sun Nov 15 12:21:23 PST 2009


:
:>     * Do not allow any login, root or otherwise, via tunneled plaintext
:> password (previously: non-root logins were allowed via plaintext password).
:
:This means that people won't be able to ssh into a new DragonFly system
:until keys for any given account have been created, correct?

    Unless they go in and change /etc/ssh/sshd_config, which isn't much
    different than what people had to do before when root logins weren't
    being allowed by any means.

    Generally speaking something like the 'rconfig' utility could be used
    to pull a configuration from another machine, versus pushing it via
    ssh.  There is no need to type a key in by hand, the new machine's
    ability to access external networks is not affected.

:Would it be worth changing the new user creation process to autocreate
:keys too?  I'm trying to think of ways to reduce the (admittedly already
:small) administrative overhead from this.

    That's a hard call because entropy is not necessarily in a good place
    during the installation process.  I suppose by the end of the
    installation process it would be reasonable.  I dunno.

					-Matt
					Matthew Dillon 
					<dillon at backplane.com>
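
An added example, not part of the original message or of DragonFly's code: a small audit of sshd_config text for the password-login setting this thread discusses. It assumes the standard OpenSSH `PasswordAuthentication` directive is the one involved; the function names and sample configurations are constructed for illustration.

```python
import re

# Keyword, then whitespace or '=', then the argument. Comment lines do not match.
LINE = re.compile(r"^\s*([A-Za-z0-9]+)[\s=]+(.*?)\s*$")
OPENSSH_DEFAULT = "yes"  # OpenSSH's built-in default for PasswordAuthentication

def parse_sshd_config(text):
    """Split config text into global settings and a list of Match blocks."""
    global_settings, match_blocks = {}, []
    current = global_settings
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        keyword, value = m.group(1).lower(), m.group(2).strip('"')
        if keyword == "match":          # block runs to next Match or end of file
            current = {}
            match_blocks.append((value, current))
        else:
            current.setdefault(keyword, value)  # sshd keeps the first value seen
    return global_settings, match_blocks

def password_login_findings(text):
    """Return (scope, value) pairs where password login is still enabled."""
    global_settings, match_blocks = parse_sshd_config(text)
    findings = []
    value = global_settings.get("passwordauthentication", OPENSSH_DEFAULT)
    if value != "no":
        findings.append(("global", value))
    for condition, settings in match_blocks:
        if settings.get("passwordauthentication", "no") != "no":
            findings.append(("Match " + condition, settings["passwordauthentication"]))
    return findings

# Constructed sample configurations (not taken from any real system).
STOCK = "#PasswordAuthentication yes\nPermitRootLogin no\n"
HARDENED = "PasswordAuthentication no\npasswordauthentication yes\n"
OVERRIDE = HARDENED + "Match Address 192.0.2.0/24\n    PasswordAuthentication yes\n"

if __name__ == "__main__":
    for name, cfg in (("stock", STOCK), ("hardened", HARDENED), ("override", OVERRIDE)):
        print(name, password_login_findings(cfg))
```

On a live host, `sshd -T` prints the effective configuration with defaults applied, which is the authoritative check; this sketch only reads a single file's text.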




