[cryptography] ssh-keys only and EKE for web too (Re: preventing protocol failings)

Ian G iang at iang.org
Wed Jul 13 07:34:07 EDT 2011


On 13/07/11 9:27 PM, Ralph Holz wrote:
> Hi,
>
>> You know this is why you should use ssh-keys and disable password
>> authentication.  First thing I do when someone gives me an ssh account.
>
> Using keys to authenticate is what I usually do, too. But even if a user
> decides not to use plain password auth, switching off password-based
> access globally for all users is unfeasible in many settings.
>
> Say you've got a multi-user machine (a cluster, even). If your typical
> user is not a geek, but a scientist - telling them they need to create a
> key, send it to you to add to authorized-keys etc. is going to result in
> much extra work (for you) and frustration (for users).


Is there any reason why the ssh client-side can't generate the key, take 
the password from the user, login and install the key, all in one operation?

iang
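
The one-operation flow asked about above, sketched as an added example that is not part of the original post or of OpenSSH: generate a key, log in once with the password, install the public half, then confirm key-only login works. The names `enroll`, `install_local`, `REMOTE_INSTALL` and `KEYFILE` are hypothetical, and the remote login shell is assumed to be POSIX-compatible.

```shell
#!/bin/sh
# Added example, not from the original post. enroll, install_local,
# REMOTE_INSTALL and KEYFILE are hypothetical names.

# Runs on the server inside the password-authenticated session. Reads one
# public-key line on stdin and appends it only if it is not already present.
REMOTE_INSTALL='
umask 077
mkdir -p "$HOME/.ssh" && chmod 700 "$HOME/.ssh" || exit 1
IFS= read -r key; [ -n "$key" ] || exit 1
ak=$HOME/.ssh/authorized_keys
touch "$ak" && chmod 600 "$ak" || exit 1
grep -qxF -- "$key" "$ak" || printf "%s\n" "$key" >> "$ak"
'

# enroll USER@HOST: generate a key pair if needed, install the public half
# with one password login, then prove that key-only login works.
enroll() {
    target=$1
    keyfile=${KEYFILE:-$HOME/.ssh/id_ed25519}
    (umask 077; mkdir -p "${keyfile%/*}") || return 1
    [ -f "$keyfile" ] || ssh-keygen -t ed25519 -f "$keyfile" || return 1
    # ssh prompts for the password on the terminal, so stdin is free to
    # carry the public key. The private key never leaves this machine.
    ssh -o PubkeyAuthentication=no "$target" "$REMOTE_INSTALL" \
        < "$keyfile.pub" || return 1
    # Check the key before anyone disables password authentication.
    ssh -i "$keyfile" -o PreferredAuthentications=publickey "$target" true
}

# install_local DIR: dry-run the server-side snippet against a scratch HOME.
install_local() { HOME=$1 sh -c "$REMOTE_INSTALL"; }
```

The `ssh-copy-id` script shipped with OpenSSH performs the install step over a password login in a similar way; the final check in `enroll` is what tells an administrator a user is ready for password access to be switched off.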


