OpenSSH daemon security bug?
Darren Tucker
dtucker at zip.com.au
Wed Jan 6 10:14:38 EST 2010
Davi Diaz wrote:
> Unfortunately we can not configure sshd to require both account-password and
> key authentication to be able to login. That maybe would help to solve the
> key management risk because at least we could automate the check to force the
> use of strong account-passwords in our policy security.
There's an enhancement request for this (which Damien and I plan to take
a look at next week).
https://bugzilla.mindrot.org/show_bug.cgi?id=983
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list