On Wed, 2006-08-09 at 14:01 -0300, Rodrigo Barbosa wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Wed, Aug 09, 2006 at 12:40:17PM -0400, Chris Mauritz wrote:
> ><snip>
> I have been using one One Time Password method or another to allow my
> users to have ssh access to their areas these days. Works great,
> as long as they are new users. Old users might complain if you
> make things "more difficult" for them.

As you know, I've never been afraid of exposing my ignorance. So, a Q.

From my reading learning to use SSH and such I saw recommendations that login/password not be allowed where possible. So I did the public key things and exported them around my little nichework. My theory being that it is harder to get in and compromise things if there is no login/password pair for someone to "snoop".

My question is: is there a scenario where the public key based solution is just totally inappropriate? Am I overrating the value of going "passwordless"?

I'm also using an IPCop firewall w/no access from the 'net for now. But if/when I "open 'er up" a little, I would like to believe I'm doing the best job I can.

> Rodrigo Barbosa
> <snip sig stuff>

TIA
--
Bill