[clue-tech] sshd authorization strategies
Dan Harris
dan at drivefaster.net
Wed Sep 12 13:05:11 MDT 2007
Dan Poler wrote:
> Could you possibly require your users that must connect to authenticate
> by key only and not by password? In doing so you could completely
> disable password auth. You could also investigate one-time passwords etc
> -- which can be generated off of a Palm or similar device.
>
> dap
It's something to consider, but given the utter lack of success I've had trying
to help remote non-technical users generate RSA keys and getting password-less
scp to work, I'm really not excited about that idea. Getting them to move from
FTP to WinSCP is going to be a significant accomplishment by itself.
The one-time password is a good idea but would to improbable to implement in
this situation I think. There's too many people to coordinate and none of them
are under the same management structure or budgets, etc.
-Dan
More information about the clue-tech
mailing list