On Thu, Dec 5, 2019 at 9:02 AM John M. Harris Jr <joh...@splentity.com> wrote:

> Please don't recommend to anyone to use passwords for SSH. That is incredibly
> insecure, and if privileged users are using password-based SSH, that'll
> quickly lead to a serious compromise of your entire system, depending on the
> complexity of the password, of course, but still holds nothing to key-based
> authentication with the best password.

I was merely pointing out the options. Believe me, for SSH, I've seen
some very astute and some quite foolish authentication practices
since I published the first public ports of ssh-1 and ssh-2 to SunOS
back in the 90's.

> > In common usage, very few people encrypt their home directories
> > separately from their basic disk image. It makes system management for
> > administrators or even a local root user very awkward. I could see it
> > for home directories in "/home", and it would only cost SSH key based
> > access, not ordinary password or Kerberos ticket based login. But it
> > sounds quite risky and destabilizing, much as the "kill dangling
> > processes when people log out". That caused a lot of shock when it
> > was activated by default and started killing processes with no
> > logging. Let's not repeat a surprise like that and avoid killing SSH
> > key access by default.
>
> A bit off topic, but where is "kill danging processes when people log out"
> set? I've not experienced that anywhere.

Sorry, should have spelt that "dangling". systemd does so by default
based on a compile-time option, and for a time Fedora had it enabled
by default. After quite a furor, they elected to disable this normally
unwelcome feature by default. See /etc/systemd/logind.conf for the
"#KillUserProcesses=no" line.