And that last point is what concerns me. With passwords on servers, *I* control the minimum strength. I can require a certain complexity, that one exists, etc. With SSH keys, that is difficult if not impossible to do.
So, to me, while SSH keys may set the bar higher initially, I ultimately have more control with passwords.

---
Puryear Information Technology, LLC
Baton Rouge, LA * 225-706-8414
http://www.puryear-it.com

Author: "Best Practices for Managing Linux and UNIX Servers"
"Spam Fighting and Email Security in the 21st Century"
Download your free copies: http://www.puryear-it.com/publications.htm

Monday, January 22, 2007, 11:59:57 AM, you wrote:

> On Mon, 2007-01-22 at 08:55 -0600, Dustin Puryear wrote:
>> If I have a system that doesn't allow keys, I can check for weak
>> passwords in the local system password database using various tools.
>> But I can't really *ENFORCE* a check against user keys (i.e., I can't
>> check for weak passwords or no passwords).
>
> You can check for passphrase-less keys by attempting to load the key
> into an ssh-agent. If it loads up, then you have a key with no
> passphrase.
>
> Regarding strength, I'd be inclined to write a wrapper around
> ssh-keygen. You could grab the passphrase before generating the key and
> create some dummy, using that passphrase as the passwd. This would allow
> you to enforce the same password policy that you have specified via
> PAM.
>
> If all was well, ssh-keygen could then generate the key pair.
>
> Dunno how I would restrict key pair generation to just my wrapper script
> though...
>
> --Larry
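The passphrase-less-key check discussed in the quoted reply can also be done offline, without an agent, by reading the key file's own headers: the current OpenSSH private key format records the cipher and KDF names in the clear at the start of the blob (both are the literal string `none` when no passphrase was set), and the legacy PEM formats mark encrypted keys with a `Proc-Type: 4,ENCRYPTED` header. The script below is an added example written for this page, not code from either poster; the sample key texts it embeds are constructed header-only stubs (not usable keys) so that it runs stand-alone, and `find_unprotected_keys` is an assumed helper name for scanning a home directory.

```python
"""Audit SSH private key files for missing passphrase protection.

Added example (not from the mailing-list thread).  Instead of loading each
key into ssh-agent, it parses the key file header, which is enough to tell
whether the private material is encrypted at rest.
"""
import base64
import struct
from pathlib import Path

OPENSSH_MAGIC = b"openssh-key-v1\x00"


def _read_string(buf: bytes, offset: int) -> tuple[bytes, int]:
    """Read one SSH wire-format string (uint32 big-endian length + bytes)."""
    if offset + 4 > len(buf):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", buf[offset:offset + 4])
    start, end = offset + 4, offset + 4 + length
    if end > len(buf):
        raise ValueError("truncated key blob")
    return buf[start:end], end


def key_is_unencrypted(text: str) -> bool:
    """Return True when the private key text has no passphrase protection.

    Supports the openssh-key-v1 format (cipher/kdf names in the header) and
    the legacy PEM formats (Proc-Type header or PKCS#8 ENCRYPTED label).
    Raises ValueError for anything that is not a recognised private key.
    """
    lines = [line.strip() for line in text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN "):
        raise ValueError("not a PEM-armored private key")
    header = lines[0]
    if header == "-----BEGIN OPENSSH PRIVATE KEY-----":
        body = "".join(line for line in lines[1:] if not line.startswith("-----"))
        blob = base64.b64decode(body)
        if not blob.startswith(OPENSSH_MAGIC):
            raise ValueError("bad openssh-key-v1 magic")
        cipher, off = _read_string(blob, len(OPENSSH_MAGIC))
        kdf, _ = _read_string(blob, off)
        return cipher == b"none" and kdf == b"none"
    if header.startswith("-----BEGIN ENCRYPTED PRIVATE KEY"):
        return False  # PKCS#8 encrypted container
    if "PRIVATE KEY-----" in header:
        # Legacy RSA/DSA/EC PEM: encryption is signalled by a Proc-Type header.
        return not any(line.startswith("Proc-Type: 4,ENCRYPTED") for line in lines[1:])
    raise ValueError("unrecognised key header")


def audit_key_texts(named_texts: dict[str, str]) -> list[str]:
    """Return the names whose key text is unprotected; skip non-key files."""
    hits = []
    for name, text in named_texts.items():
        try:
            if key_is_unencrypted(text):
                hits.append(name)
        except ValueError:
            continue
    return hits


def find_unprotected_keys(root: str) -> list[str]:
    """Walk a directory (assumed helper) and report unprotected private keys."""
    texts = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            try:
                texts[str(path)] = path.read_text(errors="ignore")
            except OSError:
                continue
    return audit_key_texts(texts)


def _wire_string(b: bytes) -> bytes:
    return struct.pack(">I", len(b)) + b


def synthetic_openssh_key(cipher: bytes, kdf: bytes) -> str:
    """CONSTRUCTED sample: only the leading header fields are meaningful; the
    rest is zero filler, so this is not a usable key, just audit test input."""
    blob = (OPENSSH_MAGIC + _wire_string(cipher) + _wire_string(kdf)
            + _wire_string(b"") + struct.pack(">I", 1) + b"\x00" * 16)
    b64 = base64.b64encode(blob).decode()
    wrapped = "\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{wrapped}\n-----END OPENSSH PRIVATE KEY-----\n"


# Constructed samples covering both formats and both protection states.
UNPROTECTED_SAMPLE = synthetic_openssh_key(b"none", b"none")
PROTECTED_SAMPLE = synthetic_openssh_key(b"aes256-ctr", b"bcrypt")
LEGACY_ENCRYPTED_SAMPLE = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-128-CBC,00000000000000000000000000000000\n\n"
    "AAAA\n-----END RSA PRIVATE KEY-----\n")
LEGACY_PLAIN_SAMPLE = "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n"

if __name__ == "__main__":
    samples = {"id_ed25519": UNPROTECTED_SAMPLE, "id_rsa_enc": PROTECTED_SAMPLE,
               "legacy_enc": LEGACY_ENCRYPTED_SAMPLE, "legacy_plain": LEGACY_PLAIN_SAMPLE,
               "notes.txt": "just text"}
    print("unprotected keys:", audit_key_texts(samples))
```

Run it over a directory with `find_unprotected_keys("/home/someuser/.ssh")` (a constructed path) to get the list of files to follow up on; the check says nothing about passphrase strength, only about whether one exists, which matches what the thread says is enforceable from the server side.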
