On Thu, Sep 4, 2014 at 7:08 AM, shawn wilson <ag4ve.us@xxxxxxxxx> wrote: > On Thu, Sep 4, 2014 at 6:59 AM, Nico Kadel-Garcia <nkadel@xxxxxxxxx> wrote: >> On Thu, Sep 4, 2014 at 6:11 AM, shawn wilson <ag4ve.us@xxxxxxxxx> wrote: >>> This got me thinking, shouldn't this go through PAM so that password >>> strength restrictions can be set as well? Obviously most ssh keys are >>> created locally. But, if this were implemented, I think most distros >>> would adopt the same strength criteria on this as they do with passwd >>> and the like. >> >> That... sounds wildly off-topic from the original note, > > Ah sorry, I should've modified the subject - figured the fwd would > give the email a new id. > >> and extremely >> fragile. You'd have to route the existing 'ssh-keygen' tool, which is >> an entirely local, well contained, and very stable tool, through PAM, >> which is in itself a maintenance and configuration nightmare. > > There is already kind of the configuration option to do this: --with-pam As far as I can tell, that's for sshd, which is a very, very different tool. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev