
Re: [SAGE] The danger of SSH keys..



Make it so people only have access to a keygen binary that requires a
password.  I'm aware of a large company that does this fairly
successfully.  Could get unwieldy as you need to cover all the
possible OSs that people might use to generate...

On 1/22/07, Dustin Puryear <dustin@puryear-it.com> wrote:
> Other than making a policy of "Put passwords on your SSH keys", how do
> you handle the danger of some users potentially not using passwords on
> their keys?
>
> I'm interested in real-world ways to manage this issue. Policy
> statements don't cut it for me. :)
>
> If I have a system that doesn't allow keys, I can check for weak
> passwords in the local system password database using various tools.
> But I can't really *ENFORCE* a check against user keys (i.e., I can't
> check for weak passwords or no passwords).
>
> How are you dealing with this?
>
> ---
> Puryear Information Technology, LLC
> Baton Rouge, LA * 225-706-8414
> http://www.puryear-it.com
>
> Author:
>   "Best Practices for Managing Linux and UNIX Servers"
>   "Spam Fighting and Email Security in the 21st Century"
>
> Download your free copies:
>   http://www.puryear-it.com/publications.htm
>
>


-- 
Dana Quinn
danaq@pobox.com