[brlug-general] The danger of SSH keys..
scotth at scottharney.com
Mon Jan 22 09:25:47 CST 2007
Dustin Puryear wrote:
> Other than making a policy of "Put passwords on your SSH keys", how do
> you handle the danger of some users potentially not using passwords on
> their keys?
A site I work at has external ssh gateways that require keys and then
require the user to login against the local password database. It was
done with commercial SSH on unix as there was no option to do this
multiple authentication technique with openssh at the time. I believe
it is possible now.
> I'm interested in real-world ways to manage this issue. Policy
> statements don't cut it for me. :)
> If I have a system that doesn't allow keys, I can check for weak
> passwords in the local system password database using various tools.
> But I can't really *ENFORCE* a check against user keys (i.e., I can't
> check for weak passwords or no passwords).
> How are you dealing with this?
> Puryear Information Technology, LLC
> Baton Rouge, LA * 225-706-8414
> "Best Practices for Managing Linux and UNIX Servers"
> "Spam Fighting and Email Security in the 21st Century"
> Download your free copies:
> General mailing list
> General at brlug.net
More information about the General