2014-01-30 Brian <ad44@cityscape.co.uk>:
On Thu 30 Jan 2014 at 18:53:11 +0100, Denis Witt wrote:
> On Tue, 28 Jan 2014 18:42:34 +0000
> Brian <ad44@cityscape.co.uk> wrote:
>
> > The AllowUsers directive is a legitimate way to restrict ssh logins to
> > certain users. However, I do not see what (ssh keys + AllowUsers)
> > brings to the party that (password + AllowUsers) doesn't.
>
> A key (if kept secret) is even harder to "guess" than a
> password,
I'd like to see a complex, random, high-entropy 20 character password
which is guessable (or capable of being cracked) in a timeframe which
has some significance. I'll give you "even harder" but it is of no great
consequence if you consider the situation where an online subversion of
a user's account is being attempted and a good password is in place.
I'd like to see someone who uses such a 20 character password for everyday
tasks.