Dr Andrew C Aitchison <[EMAIL PROTECTED]> writes: > On Wed, 1 Oct 2008, Brett Viren wrote: > >> Now we disallow passwords entirely on any publicly visible SSH >> server (and so should you) so it's less useful. > > Does anyone have experience of training over a hundred academics > to use ssh keys for remote login from random places all over the > world ?
Unfortunately, yes. However, with enough effort, they can be trained! We had no choice but to switch however part of what helped was good documentation, which I hope to say we have here: http://www.phy.bnl.gov/computing/index.php/Remote_Access In the end everyone that previously used SSH passwords here were able to handle the switch without too much grumbling. Some of those that went further to use ssh-agent were even happier than before. And it had real results. We went from about one compromise via SSH per month to essentially zero. -Brett.
