From owner-freebsd-security  Mon Sep 10 10:11:17 2001
Delivered-To: freebsd-security@freebsd.org
Received: from male.aldigital.co.uk (male.aldigital.co.uk [213.129.64.13])
	by hub.freebsd.org (Postfix) with ESMTP id 9E42637B40C
	for <Freebsd-security@FreeBSD.ORG>; Mon, 10 Sep 2001 10:11:13 -0700 (PDT)
Received: from algroup.co.uk (sockittome.aldigital.co.uk [194.128.162.252])
	by male.aldigital.co.uk (Postfix) with ESMTP
	id 53E9E6A1411; Mon, 10 Sep 2001 17:11:11 +0000 (GMT)
Message-ID: <3B9CF42B.FDBF942A@algroup.co.uk>
Date: Mon, 10 Sep 2001 18:11:07 +0100
From: Adam Laurie <adam@algroup.co.uk>
X-Mailer: Mozilla 4.7 [en-gb] (Win98; I)
X-Accept-Language: en
MIME-Version: 1.0
To: Alex Holst <a@area51.dk>
Cc: Freebsd-security@FreeBSD.ORG
Subject: Re: allow selective RSA AUTH in sshd setup?
References: <001c01c1385e$d8e43400$f0f2a118@tampabay.rr.com> <Pine.BSF.4.10.10109101235200.46378-100000@federation.addy.com> <20010910180239.B59628@area51.dk>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Alex Holst wrote:
> 
> Quoting Jim Sander (jim@federation.addy.com):
> >    By default, I bar key-based logins (RSAAuthentication no) so that I
> > don't have to worry about users keeping their ~/.ssh/authorized_keys
> > secure.
> 
> I assume you mean ~/.ssh/identity on the client side? If it's your server,
> you can enforce rules on authorized_keys. I'm somewhat puzzled as RSA keys
> are significantly stronger plain passwords. What do you use for
> authentication? SecurID? CryptoCard?

speaking of which, shouldn't the daily/weekly/monthly security checks
notify if authorized_keys has changed in the same way that it does for a
change of password?

cheers,
Adam
--
Adam Laurie                   Tel: +44 (20) 8742 0755
A.L. Digital Ltd.             Fax: +44 (20) 8742 5995
The Stores                    http://www.thebunker.net
2 Bath Road                   http://www.aldigital.co.uk
London W4 1LT                 mailto:adam@algroup.co.uk
UNITED KINGDOM                PGP key on keyservers

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message