[clue-tech] sshd authorization strategies

[Dan Harris]

Dan Poler wrote:
> Could you possibly require your users that must connect to authenticate
> by key only and not by password? In doing so you could completely
> disable password auth. You could also investigate one-time passwords etc
> -- which can be generated off of a Palm or similar device.
> 
> dap

It's something to consider, but given the utter lack of success I've had trying 
to help remote non-technical users generate RSA keys and getting password-less 
scp to work, I'm really not excited about that idea.  Getting them to move from 
FTP to WinSCP is going to be a significant accomplishment by itself.

The one-time password is a good idea but would to improbable to implement in 
this situation I think.  There's too many people to coordinate and none of them 
are under the same management structure or budgets, etc.

-Dan