Review request: openssh-server/password-auth
I'd like to add this template or something similar to the openssh-server
package. Please review.

Template: openssh-server/password-auth
Type: boolean
Default: true
_Description: Enable password authentication?
 If password authentication is enabled, then users will be able to log in
 using their username and password. If it is disabled, then they must use
 other methods such as public-key authentication.
 .
 Disabling password authentication is generally more secure, but it requires
 all users to set up public SSH keys or other non-password-based
 authentication methods.

For background, see
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1576353
(especially comment #4). The hedge about "other methods" is because
there are certainly methods other than public-key authentication that
one might reasonably use, most notably Kerberos; but if you're using
these then you generally know about them already, and I didn't want to
derail users who don't know about them into thinking that they might
need to set up Kerberos on their whole network, so I opted for calling
out the one method that's most common.
I expect to ask this question at debconf priority "low", at least to
start with.
Thanks,
--
Colin Watson [cjwatson@debian.org]
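
How an answer to the proposed question could be written into sshd_config, as an added example that is not part of the original message and not openssh-server's maintainer script. The helper name `set_password_auth` and the idea that the answer arrives as the string `true` or `false` (as `db_get openssh-server/password-auth` would return it) are assumptions.

```shell
#!/bin/sh
# Added example: map the debconf boolean onto sshd_config's
# PasswordAuthentication keyword. set_password_auth is a hypothetical helper.

set_password_auth() {
    answer=$1   # "true" or "false" (assumed to come from db_get)
    conf=$2     # path to an sshd_config-style file
    case $answer in
        true)  value=yes ;;
        false) value=no ;;
        *) echo "unexpected answer: $answer" >&2; return 1 ;;
    esac
    tmp=$(mktemp "${conf}.XXXXXX") || return 1
    awk -v value="$value" '
        function emit() { print "PasswordAuthentication " value; done = 1 }
        # Keywords are case-insensitive; also tolerate the keyword=value form.
        { key = tolower($1); sub(/=.*/, "", key) }
        # sshd keeps the first value it reads for a keyword, and everything
        # after a Match line belongs to that block, so the global setting
        # must be written before the first Match.
        key == "match" { in_match = 1; if (!done) emit() }
        !in_match && key == "passwordauthentication" {
            if (!done) emit()
            next                 # drop the old global line(s)
        }
        { print }                # comments and per-Match overrides are kept
        END { if (!done) emit() }
    ' "$conf" > "$tmp" && cat "$tmp" > "$conf"   # cat keeps mode and owner
    rc=$?
    rm -f "$tmp"
    return "$rc"
}
```

On a real system the edited file would be checked with `sshd -t` before the service is reloaded.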