Subject: Re: ssh - are you nuts?!?
To: None <>
From: None <>
List: tech-security
Date: 12/20/2000 04:51:02

On 17 Dec, Jason R Thorpe wrote:
> On Sun, Dec 17, 2000 at 12:29:05PM -0600, Tracy J. Di Marco White wrote:
>  > As a system administrator, I consider RSA based authentication not so much
>  > of a plus.  I manage systems with up to 45K users, and we mandate decent
>  > passwords.  Using RSA passphrase authentication allows people to circumvent
>  > our password rules, and in fact allows them to choose to have no passphrase
>  > at all.  We use Kerberos, and Kerberos encrypted telnet offers some moderate
>  > amount of encryption.
> You could certainly disable RSA-based authentication.
> But having RSA-based authentication for the host is definitely better than
> no authentication... but, yes, I'd much rather see a "Kerberos for everything"
> option available for SSH.

Wait. Are you saying that you would prefer to use "Kerberos" over
the "public key authentication" described in SSH2?
Do you feel it more secure than SSH2?

> The biggest problem for large deployments of SSH is public key harvesting
> and distribution.  Kerberos would solve that.

Could you expand on this?