RE: /etc/default/passwd and SSH

From: Toni Heinonen (Toni.Heinonen@teleware.fi)
Date: 01/30/02


Date: Wed, 30 Jan 2002 10:25:58 +0200
From: "Toni Heinonen" <Toni.Heinonen@teleware.fi>
To: "Richard Cross" <richard.cross@freeserve.com>, <focus-sun@securityfocus.com>


> Sorry to throw a spanner in the works, but I use publickey
> authentication on my servers. Is there any way I can enforce
> a similar policy that affects users' public keys?

Hello!

No, I'm afraid there is no such functionality in OpenSSH at least. I don't know about the other SSH servers, but I think they're the same. Then again, this is not such a huge issue, since keypairs should only be replaced like every two or three years. Actually, you might go with the same keypair for like five+ years if you choose large enough keys (2048 bits). I guess you could run a script every two years that deleted everyone's public key or mailed them to change their keys.

-- 
Toni Heinonen, CISSP
Teleware Oy
+358 40 836 1815
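
The periodic check suggested in the reply above, sketched as an added example (not part of the original message): it reports authorized_keys files unchanged for longer than the rotation interval and RSA keys under 2048 bits, leaving deletion or mailing to the administrator. File modification time stands in for key age, since a public key carries no creation date; the function names and the two-year threshold are assumptions.

```python
import base64, os, struct, sys, time

MAX_AGE_DAYS = 2 * 365   # rotation interval from the post (assumed: two years)
MIN_RSA_BITS = 2048      # key size the post calls large enough

def _read_string(blob, off):
    """Read one length-prefixed SSH wire-format field; return (bytes, new offset)."""
    (n,) = struct.unpack_from(">I", blob, off)
    return blob[off + 4: off + 4 + n], off + 4 + n

def parse_key(line):
    """Return (key_type, rsa_bits or None) for one authorized_keys line, or None."""
    tokens = line.split()
    for ktype, b64 in zip(tokens, tokens[1:]):   # options may precede the key type
        try:
            blob = base64.b64decode(b64, validate=True)
            name, off = _read_string(blob, 0)
            if name.decode("ascii") != ktype:    # blob must name the same key type
                continue
            if ktype != "ssh-rsa":
                return ktype, None               # size check here covers RSA only
            _e, off = _read_string(blob, off)    # public exponent
            n, _ = _read_string(blob, off)       # modulus
            return ktype, int.from_bytes(n, "big").bit_length()
        except (ValueError, struct.error):
            continue
    return None

def audit(path, now=None):
    """Return a list of findings for one authorized_keys file."""
    now = time.time() if now is None else now
    findings = []
    age_days = int((now - os.stat(path).st_mtime) // 86400)
    if age_days > MAX_AGE_DAYS:
        findings.append(f"{path}: unchanged for {age_days} days")
    with open(path, encoding="utf-8", errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            if not line.strip() or line.lstrip().startswith("#"):
                continue
            key = parse_key(line)
            if key is None:
                findings.append(f"{path}:{lineno}: unparseable entry")
            elif key[1] is not None and key[1] < MIN_RSA_BITS:
                findings.append(f"{path}:{lineno}: {key[1]}-bit RSA key")
    return findings

if __name__ == "__main__":
    for p in sys.argv[1:]:
        for finding in audit(p):
            print(finding)
```

Pass the authorized_keys paths to audit as arguments; a user who rewrites the file without changing the key resets the age, so the result is a lower bound on key age.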


