DragonFly BSD
DragonFly commits List (threaded) for 2009-11
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

Re: git: SSHD - Change default security

From: "Thomas E. Spanjaard" <tgen@xxxxxxxxxxxxx>
Date: Sun, 15 Nov 2009 20:08:01 +0000

Simon 'corecode' Schubert wrote:
> justin@shiningsilence.com wrote:
>> Would it be worth changing the new user creation process to autocreate
>> keys too?  I'm trying to think of ways to reduce the (admittedly already
>> small) administrative overhead from this.

I don't think it's unlikely for people to want to share keys between
hosts, and you still need to have a pubkey from $other_host in you
authorized_keys file.

> I think not allowing password-based logins will confuse a lot of people.
>  I don't think that even OpenBSD does this.
> Maybe we should allow users to easily
> 1. enable OPIE (one time passwords) and
> 2. disable passwords for ssh
> but best not make this a default.

I'm for point 2, but ambivalent about point 1.

	Thomas E. Spanjaard

Attachment: signature.asc
Description: OpenPGP digital signature

[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]