git: SSHD - Change default security
Thomas E. Spanjaard
tgen at netphreax.net
Sun Nov 15 12:11:43 PST 2009
Simon 'corecode' Schubert wrote:
> justin at shiningsilence.com wrote:
>> Would it be worth changing the new user creation process to autocreate
>> keys too? I'm trying to think of ways to reduce the (admittedly already
>> small) administrative overhead from this.
I don't think it's unlikely for people to want to share keys between
hosts, and you still need to have a pubkey from $other_host in you
authorized_keys file.
> I think not allowing password-based logins will confuse a lot of people.
> I don't think that even OpenBSD does this.
>
> Maybe we should allow users to easily
>
> 1. enable OPIE (one time passwords) and
> 2. disable passwords for ssh
>
> but best not make this a default.
I'm for point 2, but ambivalent about point 1.
Cheers,
--
Thomas E. Spanjaard
tgen at netphreax.net
tgen at deepbone.net
Attachment:
signature.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pgp00002.pgp
Type: application/octet-stream
Size: 486 bytes
Desc: "Description: OpenPGP digital signature"
URL: <http://lists.dragonflybsd.org/pipermail/commits/attachments/20091115/4ef9519e/attachment-0022.obj>
More information about the Commits
mailing list