Date: Mon, 10 Sep 2001 14:22:56 -0700 (PDT) From: David Kirchner <davidk@accretivetg.com> To: Alex Holst <a@area51.dk> Cc: <Freebsd-security@FreeBSD.ORG> Subject: Re: allow selective RSA AUTH in sshd setup? Message-ID: <20010910141822.M85958-100000@localhost> In-Reply-To: <20010910232117.A82808@area51.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 10 Sep 2001, Alex Holst wrote: > Using RSA keys gives you two factors of protection. Using passwords gives > you one factor. > > Allow me to introduce you to the concept of a 'security policy.' -- those > who fail to understand and follow it will be escorted out of the building. > If management support for this approach does not come through then whatever > you are trying to protect can't be all that important. The difficulty in security policy comes with verifying the security policy. There's no way to know that whoever generated the key set a good password, or any password at all, unless you watch them create it. At least with 'passwd' you can try to ensure secure passwords, and with sshd you can deny empty passwords. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010910141822.M85958-100000>