From owner-freebsd-security  Mon Sep 10  9:52:59 2001
Delivered-To: freebsd-security@freebsd.org
Received: from federation.addy.com (addy.com [208.11.142.20])
	by hub.freebsd.org (Postfix) with ESMTP id 9809A37B401
	for <Freebsd-security@FreeBSD.ORG>; Mon, 10 Sep 2001 09:52:55 -0700 (PDT)
Received: from localhost (jim@localhost)
	by federation.addy.com (8.9.3/8.9.3) with ESMTP id MAA48021
	for <Freebsd-security@FreeBSD.ORG>; Mon, 10 Sep 2001 12:53:35 -0400 (EDT)
	(envelope-from jim@federation.addy.com)
Date: Mon, 10 Sep 2001 12:53:35 -0400 (EDT)
From: Jim Sander <jim@federation.addy.com>
To: Freebsd-security@FreeBSD.ORG
Subject: allow selective RSA AUTH in sshd setup?
In-Reply-To: <001c01c1385e$d8e43400$f0f2a118@tampabay.rr.com>
Message-ID: <Pine.BSF.4.10.10109101235200.46378-100000@federation.addy.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

   By default, I bar key-based logins (RSAAuthentication no) so that I
don't have to worry about users keeping their ~/.ssh/authorized_keys
secure. (expecting good key management of people who if left on their own
would choose 'me' as their password is probably a bad idea) For most
people who never touch a shell anyway, this is fine. But I do want to
allow certain users who at least marginally know what their doing the
benefit of using this feature.

   Anyone know a simple and effective way to do this?

-=Jim=-


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message