Jim Popovitch wrote:
> ALLOW rules and SSH-keys.
> Is there a way to force keys AND passwd verification?

Normally you'd want to DISABLE PasswordAuthentication and
ChallengeResponseAuthentication - unless you have a special and well-maintained
setup like e.g. One-Time-Pads or such - because both can potentially be
brute-forced way faster than SSH-keys... unless you happen to use a key generated
with one of those funny buggy random-sources from the past, in which case a
well-maintained sshd nowadays will simply reject your key.

Something that would indeed be interesting is a way to enforce that the PRIVATE
KEY is password-protected - sadly, you can't see this from the public key, and
I'm not aware of any possibility to query the client concerning this specific
matter.

Sebastian
--
baboo