Re: git: SSHD - Change default security
justin@shiningsilence.com wrote:
>> * Do not allow any login, root or otherwise, via tunneled plaintext
>> password (previously: non-root logins were allowed via plaintext password).
>
> This means that people won't be able to ssh into a new DragonFly system
> until keys for any given account have been created, correct?
>
> Would it be worth changing the new user creation process to autocreate
> keys too? I'm trying to think of ways to reduce the (admittedly already
> small) administrative overhead from this.
I think not allowing password-based logins will confuse a lot of people.
I don't think that even OpenBSD does this.
Maybe we should allow users to easily
1. enable OPIE (one time passwords) and
2. disable passwords for ssh
but best not make this a default.
cheers
simon
討論串 (同標題文章)
完整討論串 (本文為第 3 之 9 篇):