Re: [SAGE] The danger of SSH keys..
Dustin Puryear wrote:
> A key difference here is that with a system password, I can at least
> force the user to set a password rather than leaving it blank. I can
> also require a minimum strength. With SSH keys, I can't do *any* of
> that.
>
It doesn't seem like it would be monumentally hard to add a check in the
various OpenSSH binaries to require a non-empty key passphrase of a
certain minimum length.

If you're not up to coding it yourself you could submit a feature
request (with associated offer to fund development if you really want
it). If the OpenSSH folks added it themselves it could likely be managed
via an associated config option.
Bryan
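
An added example, not part of the original thread and not OpenSSH code: a way to audit private key files on hosts you administer for a missing passphrase. It reads the cipher and KDF names from the openssh-key-v1 header, or the PEM encryption markers for older formats. The key file records only whether it is encrypted, never how long the passphrase is, so a minimum length can only be enforced where the key is created. The function names and the header-only sample key are constructed for illustration.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\0"

def read_string(buf, off):
    """Read one SSH wire-format string (uint32 length + bytes)."""
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:end], end

def key_is_encrypted(pem_text):
    """Return True if the private key is passphrase-protected, else False."""
    lines = [l.strip() for l in pem_text.strip().splitlines()]
    if not lines or "PRIVATE KEY-----" not in lines[0]:
        raise ValueError("not a PEM private key")
    if lines[0] == "-----BEGIN ENCRYPTED PRIVATE KEY-----":  # PKCS#8
        return True
    if lines[0] != "-----BEGIN OPENSSH PRIVATE KEY-----":
        # Legacy PEM (RSA/DSA/EC): encryption is flagged in a Proc-Type header.
        return any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines)
    blob = base64.b64decode("".join(lines[1:-1]))
    if not blob.startswith(MAGIC):
        raise ValueError("bad openssh-key-v1 magic")
    cipher, off = read_string(blob, len(MAGIC))
    kdf, _ = read_string(blob, off)
    return not (cipher == b"none" and kdf == b"none")

def sample_openssh_key(cipher, kdf):
    """Constructed header-only sample; contains no real key material."""
    def s(b):
        return struct.pack(">I", len(b)) + b
    blob = MAGIC + s(cipher) + s(kdf) + s(b"") + struct.pack(">I", 1) + s(b"") + s(b"")
    b64 = base64.b64encode(blob).decode()
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + b64 +
            "\n-----END OPENSSH PRIVATE KEY-----\n")

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:  # private key files to audit
        with open(path) as fh:
            state = "encrypted" if key_is_encrypted(fh.read()) else "NO PASSPHRASE"
        print(path, state)
```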