git: SSHD - Change default security

Thomas E. Spanjaard tgen at netphreax.net
Sun Nov 15 12:11:43 PST 2009


Simon 'corecode' Schubert wrote:
> justin at shiningsilence.com wrote:
>> Would it be worth changing the new user creation process to autocreate
>> keys too?  I'm trying to think of ways to reduce the (admittedly already
>> small) administrative overhead from this.

I don't think it's unlikely for people to want to share keys between
hosts, and you still need to have a pubkey from $other_host in you
authorized_keys file.

> I think not allowing password-based logins will confuse a lot of people.
>  I don't think that even OpenBSD does this.
> 
> Maybe we should allow users to easily
> 
> 1. enable OPIE (one time passwords) and
> 2. disable passwords for ssh
> 
> but best not make this a default.

I'm for point 2, but ambivalent about point 1.

Cheers,
-- 
	Thomas E. Spanjaard
	tgen at netphreax.net
	tgen at deepbone.net

Attachment:
signature.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pgp00002.pgp
Type: application/octet-stream
Size: 486 bytes
Desc: "Description: OpenPGP digital signature"
URL: <http://lists.dragonflybsd.org/pipermail/commits/attachments/20091115/4ef9519e/attachment-0020.obj>


More information about the Commits mailing list