Benedict Verheyen <linux4bene@pandora.be> [2002-08-04 15:46:44 +0200]:
> How would users make a keypair if I had set PasswordAuthentication
> to no? Then they cannot even login to make a pair? What's the
> proper policy for this? My method required me to use the less safe
> password authentication but there are probably better ways to do
> this, no?

As another poster said, you can create them remotely. But no matter what you still have to get them installed on the system and there is no way to do that without some type of login. You either have to pull them from there or push them from here. You will always need some way to bootstrap the system.

Some systems, for example sourceforge, use a web server to allow external users to submit keys. The web interface handles the behind the scenes key setup.

Personally I do allow password logins to my systems and live with the potential for a user to compromise their password. I strongly encourage using the password only to set up an RSA key pair and then to use the RSA key to authenticate.

> Also, Putty doesn't seem to work (at least here) with type "rsa" keys.

I believe putty only works with DSA keys and not RSA keys. Until the RSA patent expired many programs used alternate methods to avoid the US patent issues. That patent is expired now and there is no reason to avoid RSA today. However, putty.exe predates that and uses DSA keys.

Bob
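An added example, not part of the original message: one way a key-submission front end like the web interface mentioned above could check a submitted public key line before installing it in authorized_keys. The function names, the allowed-type set and the sample key are assumptions constructed for illustration.

```python
import base64
import struct

ALLOWED_TYPES = {"ssh-rsa", "ssh-dss"}  # assumption: the RSA and DSA types discussed above

def ssh_string(data):
    """Encode bytes as an SSH wire-format string (4-byte big-endian length + data)."""
    return struct.pack(">I", len(data)) + data

def read_string(blob, offset):
    """Read one length-prefixed field; raise ValueError if it runs past the blob."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated field")
    return blob[offset + 4:end], end

def validate_pubkey_line(line):
    """Return the normalized '<type> <base64> [comment]' line or raise ValueError."""
    line = line.strip()
    if "\n" in line or "\r" in line:
        raise ValueError("embedded newline")  # would add a second authorized_keys entry
    parts = line.split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = parts[0], parts[1]
    if key_type not in ALLOWED_TYPES:
        # Also rejects lines that start with options such as command="..."
        raise ValueError("unsupported key type or leading options")
    blob = base64.b64decode(b64, validate=True)  # binascii.Error is a ValueError
    inner_type, offset = read_string(blob, 0)
    if inner_type != key_type.encode("ascii"):
        raise ValueError("declared type does not match key blob")
    fields = 0
    while offset < len(blob):  # every remaining field must be well-formed
        _, offset = read_string(blob, offset)
        fields += 1
    if fields == 0:
        raise ValueError("no key material")
    return " ".join(parts)

# Constructed sample: correct wire layout, filler modulus, not a usable key.
SAMPLE_BLOB = (ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
               + ssh_string(b"\x00" + b"\xc3" * 128))
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode("ascii") + " alice@example"

if __name__ == "__main__":
    print(validate_pubkey_line(SAMPLE_LINE))
```

Only the returned line should be appended to the user's authorized_keys; anything that raises ValueError is dropped without being written.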