OpenSSH daemon security bug?

[Damien Miller]

On Tue, 5 Jan 2010, Davi Diaz wrote:

> Unfortunately we can not configure sshd to require both
> account-password and key authentication to be able to login. That
> maybe would help to solve the key management risk because at least we
> could automate the check to force the use of strong account-passwords
> in our policy security.

Watch activity on https://bugzilla.mindrot.org/show_bug.cgi?id=983 if
you are interested in progress on this feature.

-d