Jim Popovitch wrote: > > ALLOW rules and SSH-keys. > > Is there a way to force keys AND passwd verification?
Normally you'd want to DISABLE PasswordAuthentication and ChallengeResponseAuthentication - unless you have a special and well-maintained setup like e.g. One-Time-Pads or such - because both can potentially be brute-forced way faster than SSH-keys..unless you happen to use a key generated with one of those "funny" buggy random-sources from the past, in which case a well-maintained sshd nowadays will simply reject your key. Something that would indeed be interesting is a way to enforce that the PRIVATE KEY is password-protected - sadly, you can't see this from the public key, and I'm not aware of any possibility to query the client concerning this specific matter. Sebastian -- baboo -- Neu: GMX Doppel-FLAT mit Internet-Flatrate + Telefon-Flatrate für nur 19,99 Euro/mtl.!* http://portal.gmx.net/de/go/dsl02 -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
