Dustin Puryear wrote:
> Other than making a policy of "Put passwords on your SSH keys", how do
> you handle the danger of some users potentially not using passwords on
> their keys?
>

A site I work at has external ssh gateways that require keys and then require the user to log in against the local password database. It was done with commercial SSH on Unix as there was no option to do this multiple authentication technique with OpenSSH at the time. I believe it is possible now.

> I'm interested in real-world ways to manage this issue. Policy
> statements don't cut it for me. :)
>
> If I have a system that doesn't allow keys, I can check for weak
> passwords in the local system password database using various tools.
> But I can't really *ENFORCE* a check against user keys (i.e., I can't
> check for weak passwords or no passwords).
>
> How are you dealing with this?
>
> ---
> Puryear Information Technology, LLC
> Baton Rouge, LA * 225-706-8414
> http://www.puryear-it.com
>
> Author:
> "Best Practices for Managing Linux and UNIX Servers"
> "Spam Fighting and Email Security in the 21st Century"
>
> Download your free copies:
> http://www.puryear-it.com/publications.htm
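
Added example, not part of the original thread: a check that a gateway really enforces the key-then-password login described in the reply, assuming OpenSSH's `AuthenticationMethods` keyword and the lowercase "keyword value" lines printed by `sshd -T`. The function name and the sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example: audits `sshd -T` style output (lowercase "keyword value" lines).
# Exit 0 only if every AuthenticationMethods list requires publickey AND a
# password step, so a passphrase-less key is never sufficient by itself.
check_key_plus_password() {
    awk '
    $1 == "authenticationmethods" {
        seen = 1
        for (i = 2; i <= NF; i++) {        # each field is one acceptable list
            n = split($i, m, ","); key = 0; pw = 0
            for (j = 1; j <= n; j++) {
                sub(/:.*/, "", m[j])       # drop submethod (keyboard-interactive:pam)
                if (m[j] == "publickey") key = 1
                if (m[j] == "password") { pw = 1; needpw = 1 }
                if (m[j] == "keyboard-interactive") pw = 1
            }
            if (!key || !pw) bad = 1       # "any" or a single-factor list
        }
    }
    $1 == "passwordauthentication" { pwauth = $2 }
    END {
        if (!seen || bad) exit 1
        if (needpw && pwauth != "yes") exit 1   # listed method must be enabled
        exit 0
    }'
}

# Constructed sample configurations (not taken from any real host).
SAMPLE_WEAK='authenticationmethods any
passwordauthentication yes
pubkeyauthentication yes'
SAMPLE_STRICT='authenticationmethods publickey,password
passwordauthentication yes
pubkeyauthentication yes'
SAMPLE_MIXED='authenticationmethods publickey,password publickey
passwordauthentication yes'

for s in "$SAMPLE_WEAK" "$SAMPLE_STRICT" "$SAMPLE_MIXED"; do
    if printf '%s\n' "$s" | check_key_plus_password; then
        echo "key + password enforced"
    else
        echo "NOT enforced: a single factor can log in"
    fi
done
# On a real gateway (as root): sshd -T | check_key_plus_password
```

The second factor here is the account password held in the server-side database, which is the one the original question says can be audited for weakness, unlike a key passphrase that never leaves the client.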
