OpenSSH daemon security bug?
Davi Diaz
davi at leals.com
Wed Jan 6 04:13:41 EST 2010
Mark Janssen wrote:
> > co-worker wrote:
> >> I am all for encouraging key-based logins, but I think disabling
> >> password logins completely actually reduces security.
>
> I must agree here, while keys are better then passwords, it's
> impossible to enforce passphrase quality on keys, while it is possible
> to enforce some quality on passwords.
OK, If all users agree about following the security policy I would be in
favour to allow ssh-key access, blocking the password one by being less
secure.
If users does not agree, I would be even against adding ssh-key access to the
current password based access because ssh-key without a good key policy
management is less secure even if the public key has to be included in
the 'authorized_keys' file on the server.
More information about the openssh-unix-dev
mailing list