making the passphrase prompt more clear

Nico Kadel-Garcia nkadel at gmail.com
Fri Sep 5 00:43:08 EST 2014


On Thu, Sep 4, 2014 at 7:08 AM, shawn wilson <ag4ve.us at gmail.com> wrote:
> On Thu, Sep 4, 2014 at 6:59 AM, Nico Kadel-Garcia <nkadel at gmail.com> wrote:
>> On Thu, Sep 4, 2014 at 6:11 AM, shawn wilson <ag4ve.us at gmail.com> wrote:
>>> This got me thinking, shouldn't this go through PAM so that password
>>> strength restrictions can be set as well? Obviously most ssh keys are
>>> created locally. But, if this were implemented, I think most distros
>>> would adopt the same strength criteria on this as they do with passwd
>>> and the like.
>>
>> That... sounds wildly off-topic from the original note,
>
> Ah sorry, I should've modified the subject - figured the fwd would
> give the email a new id.
>
>> and extremely
>> fragile. You'd have to route the existing 'ssh-keygen' tool, which is
>> an entirely local, well contained, and very stable tool, through PAM,
>> which is in itself a maintenance and configuration nightmare.
>
> There is already kind of the configuration option to do this: --with-pam

As far as I can tell, that's for sshd, which is a very, very different tool.


More information about the openssh-unix-dev mailing list