This got me thinking, shouldn't this go through PAM so that password
strength restrictions can be set as well? Obviously most ssh keys are
created locally. But, if this were implemented, I think most distros
would adopt the same strength criteria on this as they do with passwd
and the like.
---------- Forwarded message ----------
From: Daniel Kahn Gillmor <dkg@xxxxxxxxxxxxxxxxx>
Date: Wed, Sep 3, 2014 at 11:39 AM
Subject: Re: making the passphrase prompt more clear
To: Alex Bligh <alex@xxxxxxxxxxx>, Nico Kadel-Garcia <nkadel@xxxxxxxxx>
Cc: Aidan Feldman <aidan.feldman@xxxxxxxxx>,
"openssh-unix-dev@xxxxxxxxxxx" <openssh-unix-dev@xxxxxxxxxxx>
On 09/03/2014 07:42 AM, Alex Bligh wrote:
>
> On 3 Sep 2014, at 12:05, Nico Kadel-Garcia <nkadel@xxxxxxxxx> wrote:
>
>> What a *sensible* person! Kudos to you for catching just the sort of
>> thing that irritates or confuses people, especially new users.
>>
>> I'd suggest "Enter passphrase for key (empty for no passphrase)"
>
> +1 on both points. Save that I'd perhaps say
>
> "Enter new passphrase for key (empty for none)"
>
> "new" because otherwise it can be construed as asking for an
> existing passphrase, and "none" because it's shorter.
I like Alex's wording. It's concise, and it avoids the ambiguity of the
current prompt.
Thanks for raising this, Aidan!
--dkg
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
