Date: Mon, 10 Sep 2001 18:11:07 +0100 From: Adam Laurie <adam@algroup.co.uk> To: Alex Holst <a@area51.dk> Cc: Freebsd-security@FreeBSD.ORG Subject: Re: allow selective RSA AUTH in sshd setup? Message-ID: <3B9CF42B.FDBF942A@algroup.co.uk> References: <001c01c1385e$d8e43400$f0f2a118@tampabay.rr.com> <Pine.BSF.4.10.10109101235200.46378-100000@federation.addy.com> <20010910180239.B59628@area51.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
Alex Holst wrote: > > Quoting Jim Sander (jim@federation.addy.com): > > By default, I bar key-based logins (RSAAuthentication no) so that I > > don't have to worry about users keeping their ~/.ssh/authorized_keys > > secure. > > I assume you mean ~/.ssh/identity on the client side? If it's your server, > you can enforce rules on authorized_keys. I'm somewhat puzzled as RSA keys > are significantly stronger plain passwords. What do you use for > authentication? SecurID? CryptoCard? speaking of which, shouldn't the daily/weekly/monthly security checks notify if authorized_keys has changed in the same way that it does for a change of password? cheers, Adam -- Adam Laurie Tel: +44 (20) 8742 0755 A.L. Digital Ltd. Fax: +44 (20) 8742 5995 The Stores http://www.thebunker.net 2 Bath Road http://www.aldigital.co.uk London W4 1LT mailto:adam@algroup.co.uk UNITED KINGDOM PGP key on keyservers To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3B9CF42B.FDBF942A>