Re: For those who care about pam-ssh: RFC
2008/12/4 Jens Peter Secher <firstname.lastname@example.org>:
> To do that you will need to change /etc/pam.d/ssh-auth to
> auth sufficient pam_ssh.so
I know, that's why I'm not complaining =)
Maybe writing it in the README.Debian could be a good idea.
> Hmm, if no one else has access to the computer (including remote
> access) then the passphrase on the SSH keys does not need to be more
> secure than the login password. On the other hand, if there is remote
> access to the computer, then a weak password will enable an evil
> hacker to get into your account, copy your SSH key and brute-force
> attack the key elsewhere. So I do not really see your point.
If someone has physical access to my computer, the only security is
encryption. No sense for a strong login password, he could boot with
another OS or take out the HD and directly read the key (both options
will take far less time than brute-forcing even a weak password by
typing tries by hand).
Brute forcing a strong encryption password would take a lot of time
instead (I guess), which at least keeps safe computers not accessible
to anyone else (I'm thinking about a laptop and a home server, if my
laptop gets stolen I can delete the public key on the server).
Please correct me if I'm completely mistaken...