DragonFly commits List (threaded) for 2009-11
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]

Re: git: SSHD - Change default security

From:	"Simon 'corecode' Schubert" <corecode@xxxxxxxxxxxx>
Date:	Sun, 15 Nov 2009 20:27:20 +0100

justin@shiningsilence.com wrote:

    * Do not allow any login, root or otherwise, via tunneled plaintext
password (previously: non-root logins were allowed via plaintext password).


This means that people won't be able to ssh into a new DragonFly system
until keys for any given account have been created, correct?

Would it be worth changing the new user creation process to autocreate
keys too?  I'm trying to think of ways to reduce the (admittedly already
small) administrative overhead from this.

I think not allowing password-based logins will confuse a lot of people. I don't think that even OpenBSD does this.

Maybe we should allow users to easily

1. enable OPIE (one time passwords) and
2. disable passwords for ssh

but best not make this a default.

cheers
  simon

Follow-Ups:
- Re: git: SSHD - Change default security
  - From: Matthew Dillon <dillon@apollo.backplane.com>
- Re: git: SSHD - Change default security
  - From: "Thomas E. Spanjaard" <tgen@netphreax.net>

References:
- git: SSHD - Change default security
  - From: Matthew Dillon <dillon@crater.dragonflybsd.org>
- Re: git: SSHD - Change default security
  - From: justin@shiningsilence.com

[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]