DragonFly commits List (threaded) for 2009-11
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]

Re: git: SSHD - Change default security

From:	Matthew Dillon <dillon@xxxxxxxxxxxxxxxxxxxx>
Date:	Sun, 15 Nov 2009 12:20:59 -0800 (PST)

:
:>     * Do not allow any login, root or otherwise, via tunneled plaintext
:> password (previously: non-root logins were allowed via plaintext password).
:
:This means that people won't be able to ssh into a new DragonFly system
:until keys for any given account have been created, correct?

    Unless they go in and change /etc/ssh/sshd_config, which isn't much
    different then what people had to do before when root logins weren't
    being allowed by any means.

    Generally speaking something like the 'rconfig' utility could be used
    to pull a configuration from another machine, verses pushing it via
    ssh.  There is no need to type a key in by hand, the new machine's
    ability to access external networks is not effected.

:Would it be worth changing the new user creation process to autocreate
:keys too?  I'm trying to think of ways to reduce the (admittedly already
:small) administrative overhead from this.

    That's a hard call because entropy is not necessarily in a good place
    during the installation process.  I suppose by the end of the
    installation process it would be reasonable.  I dunno.

					-Matt
					Matthew Dillon 
					<dillon@backplane.com>

References:
- git: SSHD - Change default security
  - From: Matthew Dillon <dillon@crater.dragonflybsd.org>
- Re: git: SSHD - Change default security
  - From: justin@shiningsilence.com

[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]