RE: /etc/default/passwd and SSHFrom: Toni Heinonen (Toni.Heinonen@teleware.fi)
- Previous message: Olaf Schreck: "Re: /etc/default/passwd and SSH"
- Maybe in reply to: Nicholas Berry: "/etc/default/passwd and SSH"
- Next in thread: Ivanov, Vladimir: "RE: /etc/default/passwd and SSH"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 30 Jan 2002 10:25:58 +0200 From: "Toni Heinonen" <Toni.Heinonen@teleware.fi> To: "Richard Cross" <email@example.com>, <firstname.lastname@example.org>
> Sorry to throw a spanner in the works, but I use publickey
> authentication on my servers. Is there any way I can enforce
> a similar
> policy that affects users' public keys?
No, I'm afraid there is no such functionality in OpenSSH at least, I don't know about the other SSH-servers but I think they're the same. Then again, this is not such a huge issue, since keypairs should only be replace like every two or three years. Actually, you might go with the same keypair for like five+ years if you choose large enough keys (2048 bits). I guess you could run a script every two years that deleted everyone's public key or mailed them to change their keys.
-- Toni Heinonen, CISSP Teleware Oy +358 40 836 1815