On Thu, 2008-05-15 at 14:41 -0700, Wolfgang S. Rupprecht wrote: > "jeff emminger" <jemminger@xxxxxxxxx> writes: > > isn't password authentication insecure? why not set > > "PasswordAuthentication no" and use ssh keys, and maybe port-knocking > > too > > My feeling exactly. You have no control over how stupid a password > users will pick. The only control you have is to not allow passwords > in the first place and insist on at least a 1k-bit (hopefully random) > key. Then you just have to hope the users' machines aren't vulnerable ... poc -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
