Subject: Re: ssh - are you nuts?!?
To: Tracy J. Di Marco White <gendalia@iastate.edu>
From: Jason R Thorpe <thorpej@zembu.com>
List: tech-security
Date: 12/17/2000 10:40:09
On Sun, Dec 17, 2000 at 12:29:05PM -0600, Tracy J. Di Marco White wrote:

 > As a system administrator, I consider RSA-based authentication not so much
 > of a plus.  I manage systems with up to 45K users, and we mandate decent
 > passwords.  Using RSA passphrase authentication allows people to circumvent
 > our password rules, and in fact allows them to choose to have no passphrase
 > at all.  We use Kerberos, and Kerberos-encrypted telnet offers some moderate
 > amount of encryption.

You could certainly disable RSA-based authentication.

But having RSA-based authentication for the host is definitely better than
no authentication... but, yes, I'd much rather see a "Kerberos for everything"
option available for SSH.

The biggest problem for large deployments of SSH is public key harvesting
and distribution.  Kerberos would solve that.

-- 
        -- Jason R. Thorpe <thorpej@zembu.com>