git: SSHD - Change default security
Simon 'corecode' Schubert
corecode at fs.ei.tum.de
Sun Nov 15 11:28:19 PST 2009
justin at shiningsilence.com wrote:
* Do not allow any login, root or otherwise, via tunneled plaintext
password (previously: non-root logins were allowed via plaintext password).
This means that people won't be able to ssh into a new DragonFly system
until keys for any given account have been created, correct?
Would it be worth changing the new user creation process to autocreate
keys too? I'm trying to think of ways to reduce the (admittedly already
small) administrative overhead from this.
I think not allowing password-based logins will confuse a lot of people.
I don't think that even OpenBSD does this.
Maybe we should allow users to easily
1. enable OPIE (one time passwords) and
2. disable passwords for ssh
but best not make this a default.
cheers
simon
More information about the Commits
mailing list