Re: Force non-empty pass-phrase?



"mark" == mark <mark@xxxxxxxxxx> writes:

mark> Does anybody know of a way to enforce a policy where ssh key
mark> pass-phrases should not be empty? It is one of the "weaknesses"
mark> of ssh as I see it that an administrator can't actually impose
mark> this constraint on access to his own server.

He can't, because it makes no sense. The server never sees the user's
private key. It has no control over where or how the key is stored. It's
like suggesting there's a lock out there that can "require" that you not
keep the key in your pocket.

--
Richard Silverman
res@xxxxxxxx
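
The point made in the reply above is visible in the key file format: whether a passphrase is set is recorded only in the header of the private key file, so it can be checked only on the machine that holds that file. The following is an added example, not part of the original post. It assumes the `openssh-key-v1` container or a PEM-format key file, and the sample keys are constructed with dummy key material.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\0"

def _ssh_string(buf, off):
    """Read one SSH string (uint32 big-endian length + bytes); return (value, next offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack(">I", buf[off:off + 4])
    if off + 4 + n > len(buf):
        raise ValueError("truncated string")
    return buf[off + 4:off + 4 + n], off + 4 + n

def has_passphrase(key_text):
    """True if the private key file is encrypted. Reads only the unencrypted header."""
    lines = [l.strip() for l in key_text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN ") or not lines[0].endswith("PRIVATE KEY-----"):
        raise ValueError("not a private key file")
    if lines[0] != "-----BEGIN OPENSSH PRIVATE KEY-----":
        # PEM formats: PKCS#8 says so in the label, legacy PEM in a Proc-Type header.
        return "ENCRYPTED" in lines[0] or any(
            l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines[1:4])
    blob = base64.b64decode("".join(lines[1:-1]))
    if not blob.startswith(MAGIC):
        raise ValueError("bad openssh-key-v1 magic")
    # First field after the magic is the cipher name; "none" means no passphrase.
    cipher, _ = _ssh_string(blob, len(MAGIC))
    return cipher != b"none"

def make_sample(cipher, kdf):
    """Constructed sample: genuine header layout, dummy key material (not a usable key)."""
    s = lambda b: struct.pack(">I", len(b)) + b
    blob = (MAGIC + s(cipher) + s(kdf) + s(b"") + struct.pack(">I", 1)
            + s(b"dummy-public-blob") + s(b"dummy-private-section"))
    b64 = base64.b64encode(blob).decode()
    body = "\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{body}\n-----END OPENSSH PRIVATE KEY-----\n"

# Constructed legacy PEM sample with a dummy body.
LEGACY_ENCRYPTED = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                    "DEK-Info: AES-128-CBC,00000000000000000000000000000000\n\nZHVtbXk=\n"
                    "-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    print(has_passphrase(make_sample(b"none", b"none")))
    print(has_passphrase(make_sample(b"aes256-ctr", b"bcrypt")))
    print(has_passphrase(LEGACY_ENCRYPTED))
```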
