Date: Thu, 13 Dec 2001 17:01:13 +0000
From: Rasputin <rasputin@submonkey.net>
To: Rob Andrews <rob@cyberpunkz.org>
Cc: security@freebsd.org
Subject: Re: Question about sshd...
Message-ID: <20011213170113.A36344@shikima.mine.nu>
In-Reply-To: <20011213102109.A18375@switchblade.cyberpunkz.org>; from rob@cyberpunkz.org on Thu, Dec 13, 2001 at 10:21:09AM -0600
References: <20011213102109.A18375@switchblade.cyberpunkz.org>

* Rob Andrews <rob@cyberpunkz.org> [011213 16:28]:
> I am wondering if there is a way or if there has been consideration
> of a way to implement login permissions based upon user authentication
> via sshd (openssh 3.0.2)
>
> The reason I am asking is because I want to force all staff members to
> login through the system based upon their generated keypairs such as a
> RSA or DSA keypair. Users since they have very limited access I am not
> as worried about an account compromise. But if a staff user's account
> on a machine is compromised then I at least want someone to have to have
> worked for it to even get logged into the system.
>
> I'd heard talk from someone else that they were interested in patching
> opensshd to do just this. So you could create a rule in the config
> for an allowed user and say a 'without-password' option such as there
> is allowed for root.

Is there a reason you can't use the usual RSA authentication
methods for this? That doesn't rely on system passwords,
just the private keyfile.

-- 
Rasputin :: Jack of All Trades - Master of Nuns ::

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message