On Tuesday 12 July 2016 17:26:08 Stefan Monnier wrote: > I mean, yes, I can (and have) cobbled up some hackish way to plug the > holes I was aware of, but I think it would be better to be able to > specifically only allow weak password authentication for some specific > services and then stop worrying about which other services might still > use those weak password (su? telnetd? which other ones? how could > I find out?)
This is different from what you originally said. By all means discuss this general problem with the developers - but please don't single ssh out and mess it up for a good many of the rest of us. But why do you need weak passwords? I think we may have an x-y problem here, and weak passwords may not be the only/optimum solution to the problem you are trying to solve by having them. Weak passwords are a bad idea per se. Lisi
