Utility to scan for unpassworded SSH privkeys?
Nico Kadel-Garcia
nkadel at gmail.com
Sat May 25 13:02:46 EST 2013
On May 24, 2013, at 8:47, Stephen Frost <sfrost at snowman.net> wrote:
> * Nico Kadel-Garcia (nkadel at gmail.com) wrote:
>> It's a big reason that I encourage migration to Kerberos based
>> authentication wherever possible, but that doesn't work well for
>> Subversion or git authentication.
>
> ... it doesn't? Why not? Having a .k5login for the 'git' account is
> essentially the same as having an authorized_keys file for the same
> account.. I've not looked into it specifically, but the offhand comment
> above surprised me, so I'm curious what the specific issue there is.
This is the problem. Many people who've not actually tried it think "oh, that's easy, I'll just stitch together these bits I know".
> (I'm also a fan of encouraging Kerberos utilization whenever possible)
>
> Thanks,
>
> Stephen
More information about the openssh-unix-dev
mailing list