Review request: openssh-server/password-auth

To: debian-l10n-english@lists.debian.org
Subject: Review request: openssh-server/password-auth
From: Colin Watson <cjwatson@debian.org>
Date: Sat, 30 Apr 2016 11:46:36 +0100
Message-id: <[🔎] 20160430104636.GA18936@riva.ucam.org>
Mail-followup-to: debian-l10n-english@lists.debian.org

I'd like to add this template or something similar to the openssh-server
package.  Please review.

Template: openssh-server/password-auth
Type: boolean
Default: true
_Description: Enable password authentication?
 If password authentication is enabled, then users will be able to log in
 using their username and password. If it is disabled, then they must use
 other methods such as public-key authentication.
 .
 Disabling password authentication is generally more secure, but it requires
 all users to set up public SSH keys or other non-password-based
 authentication methods.

For background, see
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1576353
(especially comment #4).  The hedge about "other methods" is because
there are certainly methods other than public-key authentication that
one might reasonably use, most notably Kerberos; but if you're using
these then you generally know about them already, and I didn't want to
derail users who don't know about them into thinking that they might
need to set up Kerberos on their whole network, so I opted for calling
out the one method that's most common.

I expect to ask this question at debconf priority "low", at least to
start with.

Thanks,

-- 
Colin Watson                                       [cjwatson@debian.org]

Reply to:

Follow-Ups:
- Re: Review request: openssh-server/password-auth
  - From: Justin B Rye <justin.byam.rye@gmail.com>

Prev by Date: Announcing the start of Wheezy LTS
Next by Date: Re: Review request: openssh-server/password-auth
Previous by thread: Announcing the start of Wheezy LTS
Next by thread: Re: Review request: openssh-server/password-auth
Index(es):
- Date
- Thread