RE: /etc/default/passwd and SSH

From: Toni Heinonen (Toni.Heinonen@teleware.fi)
Date: 01/30/02


Date: Wed, 30 Jan 2002 10:25:58 +0200
From: "Toni Heinonen" <Toni.Heinonen@teleware.fi>
To: "Richard Cross" <richard.cross@freeserve.com>, <focus-sun@securityfocus.com>


> Sorry to throw a spanner in the works, but I use publickey
> authentication on my servers. Is there any way I can enforce
> a similar policy that affects users' public keys?

Hello!

No, I'm afraid there is no such functionality in OpenSSH at least; I don't know about the other SSH servers, but I think they're the same. Then again, this is not such a huge issue, since keypairs should only be replaced like every two or three years. Actually, you might go with the same keypair for like five+ years if you choose large enough keys (2048 bits). I guess you could run a script every two years that deleted everyone's public key or mailed them to change their keys.

-- 
Toni Heinonen, CISSP
Teleware Oy
+358 40 836 1815
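
The periodic check suggested in the reply above, sketched as an added example that is not part of the original message or of OpenSSH. It only reports keys and leaves deleting or mailing to the administrator. Assumptions: home directories sit under a single root (`/home` here), and the modification time of `authorized_keys` stands in for key age, because a public key carries no creation date.

```python
import base64
import time
from pathlib import Path

MAX_AGE_DAYS = 2 * 365  # "every two years", the interval suggested in the message


def parse_key_line(line):
    """Return (key_type, comment) for an authorized_keys line, or None."""
    fields = line.split()
    # Options such as command="..." may precede the key, so try every position.
    # A real key is recognised by its blob: 4-byte length, then the key type name.
    for i in range(len(fields) - 1):
        try:
            blob = base64.b64decode(fields[i + 1], validate=True)
        except ValueError:
            continue
        name_len = int.from_bytes(blob[:4], "big")
        if len(blob) > 4 and blob[4:4 + name_len] == fields[i].encode():
            return fields[i], " ".join(fields[i + 2:])
    return None


def stale_keys(home_root, max_age_days=MAX_AGE_DAYS, now=None):
    """List (user, key_type, comment, age_days) for keys in files past the limit."""
    now = time.time() if now is None else now
    findings = []
    for path in sorted(Path(home_root).glob("*/.ssh/authorized_keys")):
        # Assumption: file mtime approximates when the keys were installed.
        age_days = int((now - path.stat().st_mtime) // 86400)
        if age_days <= max_age_days:
            continue
        user = path.parent.parent.name
        for line in path.read_text(errors="replace").splitlines():
            if not line.strip() or line.lstrip().startswith("#"):
                continue
            parsed = parse_key_line(line)
            if parsed:
                findings.append((user, parsed[0], parsed[1], age_days))
    return findings


if __name__ == "__main__":
    # "/home" is an assumed location; adjust to where home directories live.
    for user, key_type, comment, age in stale_keys("/home"):
        print(f"{user}: {key_type} key '{comment}' is about {age} days old")
```

Editing `authorized_keys` for any reason resets the modification time, so a file holding one old key and one new key looks fresh; recording the install date per key elsewhere avoids that.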