RE: /etc/default/passwd and SSH

From: Toni Heinonen (
Date: 01/30/02

Date: Wed, 30 Jan 2002 10:25:58 +0200
From: "Toni Heinonen" <>
To: "Richard Cross" <>, <>

> Sorry to throw a spanner in the works, but I use publickey
> authentication on my servers. Is there any way I can enforce
> a similar policy that affects users' public keys?


No, I'm afraid there is no such functionality in OpenSSH at least; I don't know about the other SSH servers, but I think they're the same. Then again, this is not such a huge issue, since keypairs should only be replaced like every two or three years. Actually, you might go with the same keypair for like five+ years if you choose large enough keys (2048 bits). I guess you could run a script every two years that deleted everyone's public key or mailed them to change their keys.

Toni Heinonen, CISSP
Teleware Oy
+358 40 836 1815
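
Added example, not part of the original message: a sketch of the reporting half of the periodic script suggested above, which reads the RSA modulus size out of each `authorized_keys` entry and flags keys under 2048 bits or files untouched for two years. It assumes the file's modification time is an acceptable stand-in for key age (the file format records no creation date); `audit`, `rsa_bits` and `make_sample_line` are hypothetical names, and the sample keys are constructed and not usable.

```python
import base64
import struct
import time

MIN_RSA_BITS = 2048                  # key size suggested in the post
MAX_AGE = 2 * 365 * 24 * 3600        # "every two years", in seconds

def _read_string(buf, off):
    """Read one length-prefixed field of the SSH public key wire format."""
    (length,) = struct.unpack_from(">I", buf, off)
    return buf[off + 4:off + 4 + length], off + 4 + length

def rsa_bits(b64_blob):
    """Modulus size in bits for an ssh-rsa key blob, None for other key types."""
    blob = base64.b64decode(b64_blob)
    key_type, off = _read_string(blob, 0)
    if key_type != b"ssh-rsa":
        return None
    _exponent, off = _read_string(blob, off)
    modulus, _ = _read_string(blob, off)
    return int.from_bytes(modulus, "big").bit_length()

def audit(text, file_mtime, now=None):
    """Return (line_no, comment, reasons) for each key that should be replaced."""
    now = time.time() if now is None else now
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        # Simplification: find the key type by prefix, so leading options are skipped.
        idx = next((i for i, f in enumerate(fields) if f.startswith("ssh-")), None)
        if line.lstrip().startswith("#") or idx is None or idx + 1 >= len(fields):
            continue
        reasons = []
        bits = rsa_bits(fields[idx + 1])
        if bits is not None and bits < MIN_RSA_BITS:
            reasons.append(f"RSA modulus is {bits} bits")
        if now - file_mtime > MAX_AGE:
            reasons.append("authorized_keys unchanged for over two years")
        if reasons:
            findings.append((line_no, " ".join(fields[idx + 2:]), reasons))
    return findings

def make_sample_line(bits, comment):
    """Constructed sample: a well-formed ssh-rsa blob, not a usable key."""
    def field(b):
        return struct.pack(">I", len(b)) + b
    modulus = b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    blob = field(b"ssh-rsa") + field(b"\x01\x00\x01") + field(modulus)
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}"
```

The findings list can feed either action mentioned in the message, mailing the owner or removing the entry; which one to take is a policy choice the script leaves to the administrator.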