On Fri, Jul 24, 2015 at 09:40:53AM -0600, Chris Murphy wrote: > > would it be reasonable to expect the sort of user that wants to use > > SSH to be able to set that up? > No. PKA is an esoteric skill, and you're confused by thinking it's a > basic one. We could set up two-factor authentication with FreeOTP. Have the dialog provide a QR code for a) https://play.google.com/store/apps/details?id=org.fedorahosted.freeotp&hl=en https://itunes.apple.com/us/app/freeotp-authenticator/id872559395?mt=8 and then also a token. Leave the users' password as six letters or whatever, but also require this for SSH. Still a little esoteric, but provisioning is easier, and people are getting more used to it in general, hopefully. And as a bonus, this jumps us up to level 3 identity assurance, I believe. -- Matthew Miller <mattdm@xxxxxxxxxxxxxxxxx> Fedora Project Leader -- desktop mailing list desktop@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/desktop
