Re: making the passphrase prompt more clear

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Thu, Sep 4, 2014 at 6:59 AM, Nico Kadel-Garcia <nkadel@xxxxxxxxx> wrote:
> On Thu, Sep 4, 2014 at 6:11 AM, shawn wilson <ag4ve.us@xxxxxxxxx> wrote:
>> This got me thinking, shouldn't this go through PAM so that password
>> strength restrictions can be set as well? Obviously most ssh keys are
>> created locally. But, if this were implemented, I think most distros
>> would adopt the same strength criteria on this as they do with passwd
>> and the like.
>
> That... sounds wildly off-topic from the original note,

Ah sorry, I should've modified the subject - figured the fwd would
give the email a new id.

> and extremely
> fragile. You'd have to route the existing 'ssh-keygen' tool, which is
> an entirely local, well contained, and very stable tool, through PAM,
> which is in itself a maintenance and configuration nightmare.

There is already kind of the configuration option to do this: --with-pam

> If you
> think I'm kidding, just *look* at the contents of /etc/pam.d, and the
> necessary changes for requirements such as password length or mixed
> case policy, and their instability when modified by tools such as
> "authconfig" in the Red Hat Linux world. On top of that, modifying
> them locally for desired ssh-keygen policy would require hand-editing
> the /etc/pam.d files.
>
> I wouldn't encourage it for ssh-keygen, which works very reliably as is.

Well, is there another way to warn of weak passwords in ssh-keygen?
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux