> Would it work to disable all ssh password logins and only allow logins with
> the proper private key?
I'm not sure, I'd have to check with my Windows users who do CVS checkouts
via ssh and see if their clients would support that. I suppose it might
work. I'd still like to see a way to specify on a per-account basis or at
least see root as a special case.
> I find this most secure--no more worries about password cracks (I just have
> to worry about the physical security of the USB key on my keychain).
As Russell mentioned, you also have to worry about client security -
physical as well as password security of your user's accounts if they're
coming in on machines that allow password login, etc... But in general it
might be a better way to go. I'll mull it over.
Thanks,
Dale
--
Dale E. Martin, Clifton Labs, Inc.
Senior Computer Engineer
[EMAIL PROTECTED]
http://www.cliftonlabs.com
pgp key available
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
