On Wed, 2006-08-09 at 14:01 -0300, Rodrigo Barbosa wrote:
On Wed, Aug 09, 2006 at 12:40:17PM -0400, Chris Mauritz wrote:
<snip>
I have been using one One Time Password method or another to allow my users to have ssh access to their areas these days. Works great, as long as they are new users. Old users might complain if you make things "more difficult" for them.
As you know, I've never been afraid of exposing my ignorance. So, a Q.
From my reading learning to use SSH and such, I saw recommendations that login/password not be allowed where possible. So I did the public key things and exported them around my little nichework. My theory being that it is harder to get in and compromise things if there is no login/password pair for someone to "snoop".
My question is: is there a scenario where the public key based solution is just totally inappropriate? Am I overrating the value of going "passwordless"?
I'm also using an IPCop firewall w/no access from the 'net for now. But if/when I "open 'er up" a little, I would like to believe I'm doing the best job I can.
Rodrigo Barbosa
<snip sig stuff>
TIA