Re: git: SSHD - Change default security
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig1BB891F6F764CD8293D0C9CE
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Simon 'corecode' Schubert wrote:
> justin@shiningsilence.com wrote:
>> Would it be worth changing the new user creation process to autocreate=
>> keys too? I'm trying to think of ways to reduce the (admittedly alrea=
dy
>> small) administrative overhead from this.
I don't think it's unlikely for people to want to share keys between
hosts, and you still need to have a pubkey from $other_host in you
authorized_keys file.
> I think not allowing password-based logins will confuse a lot of people=
=2E
> I don't think that even OpenBSD does this.
>=20
> Maybe we should allow users to easily
>=20
> 1. enable OPIE (one time passwords) and
> 2. disable passwords for ssh
>=20
> but best not make this a default.
I'm for point 2, but ambivalent about point 1.
Cheers,
--=20
Thomas E. Spanjaard
tgen@netphreax.net
tgen@deepbone.net
--------------enig1BB891F6F764CD8293D0C9CE
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (NetBSD)
iQEcBAEBAgAGBQJLAF+lAAoJEKE55rmjwpbTNWEIAJJmNJxeklSBjJ5rdUdlwpIB
o2ckVQtde2nHdIK3QSPprg3H5Yo1ugjZ5NLUQnmZCd/JjeuCKQDyXbWyhdzCimyh
5+9GB9KViLpw3u6tL+XBP8a5fc9ThwepFZdcbhObcwxrfIDpqJxcpUPlYJZ4yeo6
EMagNN9MgKGlTkbCB3ZdIFY5wQ1Oxb62PMUDgRo9DFdMUk3rGUbfIB7p3wmoNNC8
Q3FtAmwQ1cBa2sGBLPJgGTSTtx7O9WXsDscF0vs4viz61JSw+giDggx9EfJHbjA7
EgpEtmhe498bMK1+UYRwlcB14YVsQUUtyKkjcAjCAS8/4g47Nv2yMN7nsH3NWQw=
=xBff
-----END PGP SIGNATURE-----
--------------enig1BB891F6F764CD8293D0C9CE--
討論串 (同標題文章)
完整討論串 (本文為第 4 之 9 篇):