This got me thinking, shouldn't this go through PAM so that password strength restrictions can be set as well? Obviously most ssh keys are created locally. But, if this were implemented, I think most distros would adopt the same strength criteria on this as they do with passwd and the like. ---------- Forwarded message ---------- From: Daniel Kahn Gillmor <dkg@xxxxxxxxxxxxxxxxx> Date: Wed, Sep 3, 2014 at 11:39 AM Subject: Re: making the passphrase prompt more clear To: Alex Bligh <alex@xxxxxxxxxxx>, Nico Kadel-Garcia <nkadel@xxxxxxxxx> Cc: Aidan Feldman <aidan.feldman@xxxxxxxxx>, "openssh-unix-dev@xxxxxxxxxxx" <openssh-unix-dev@xxxxxxxxxxx> On 09/03/2014 07:42 AM, Alex Bligh wrote: > > On 3 Sep 2014, at 12:05, Nico Kadel-Garcia <nkadel@xxxxxxxxx> wrote: > >> What a *sensible* person! Kudos to you for catching just the sort of >> thing that irritates or confuses people, especially new users. >> >> I'd suggest "Enter passphrase for key (empty for no passphrase)" > > +1 on both points. Save that I'd perhaps say > > "Enter new passphrase for key (empty for none)" > > "new" because otherwise it can be construed as asking for an > existing passphrase, and "none" because it's shorter. I like Alex's wording. It's concise, and it avoids the ambiguity of the current prompt. Thanks for raising this, Aidan! --dkg _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev