On Thu, Aug 28, 2008 at 09:31:41PM +0200, Peter Palfrader wrote: > On Thu, 28 Aug 2008, Steve Langasek wrote:
>>> Ravel (...) Also, ssh logins are restricted to key based logins, >>> password based logins are not allowed. >> What's the reason for this authentication policy, which differs >> from (AFAIK) all developer-public debian.org hosts to date? Is >> this a sign of a broader policy change coming down the line? > It is. Limiting an attacker's ability to easily jump from one > compromised box to another is something we really want to have. Not > tomorrow, but eventually. I'm not sure the no-passwords policy helps much by itself; I get the impression people will just put a ssh key in their homes on Debian machines and add it to the authorized keys in LDAP. -- Lionel -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
