On Sat, Dec 05, 2020 at 01:22:23PM -0500, Christopher Lemmer Webber wrote: > > 2. Change the default value of the relevant field in > > <openssh-configuration>. > > > > #2 is more thorough but also more risky: people could find themselves > > locked out of their server after reconfiguration, though this could be > > mitigated by a news entry.
I do think we should avoid changing the default. I know that passphrases are inherently riskier than keys — compromise is more likely than with a key, but I think it's even more likely that people will lose access to their servers if we change this default. How bad is the risk, from a practical perspective? How many times per second can a remote attacker attempt passphrase authentication? If the number is high, we could petition OpenSSH to introduce a delay.
