On Monday 15 January 2007 20:39, Michel Messerschmidt wrote: > On Sun, Jan 14, 2007 at 02:36:10PM +0100, Adrian von Bidder wrote: > > I have users a, b, c, d, e. All users except e can have shell access, > > but beecause shell access is powerful, must not be able to log in with > > password, but only with public key. > > If you don't trust your users to keep their passwords secure, why do you > trust them to keep their secret keys secure? I trust the users who have shell access to keep their keys secure. I don't trust the users to have unguessable (think dictionary attacks!) passwords. I see dictionary attacks on ssh on a daily basis. So far I only had users who either knew how to handle an ssh key or who didn't need anything else but imaps. Now I have a user who needs sftp access and who is not able to handle an ssh key. HTH -- vbi -- No matter how much data you add to your laptop, it will not get heavier.
Attachment:
pgp3CpQkLzzsd.pgp
Description: PGP signature