Re: making the passphrase prompt more clear

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Thu, Sep 4, 2014 at 6:11 AM, shawn wilson <ag4ve.us@xxxxxxxxx> wrote:
> This got me thinking, shouldn't this go through PAM so that password
> strength restrictions can be set as well? Obviously most ssh keys are
> created locally. But, if this were implemented, I think most distros
> would adopt the same strength criteria on this as they do with passwd
> and the like.

That... sounds wildly off-topic from the original note, and extremely
fragile. You'd have to route the existing 'ssh-keygen' tool, which is
an entirely local, well contained, and very stable tool, through PAM,
which is in itself a maintenance and configuration nightmare. If you
think I'm kidding, just *look* at the contents of /etc/pam.d, and the
necessary changes for requirements such as password length or mixed
case policy, and their instability when modified by tools such as
"authconfig" in the Red Hat Linux world. On top of that, modifying
them locally for desired ssh-keygen policy would require hand-editing
the /etc/pam.d files.

I wouldn't encourage it for ssh-keygen, which works very reliably as is.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux