Re: Force non-empty pass-phrase?



"mark" == mark <mark@xxxxxxxxxx> writes:

mark> Does anybody know of a way to enforce a policy where ssh key
mark> pass-phrases should not be empty? It is one of the "weaknesses"
mark> of ssh as I see it that an administrator can't actually impose
mark> this constraint on access to his own server.

He can't, because it makes no sense. The server never sees the user's
private key. It has no control over where or how the key is stored. It's
like suggesting there's a lock out there that can "require" that you not
keep the key in your pocket.

--
Richard Silverman
res@xxxxxxxx

.