Subject: Re: ssh - are you nuts?!?
To: None <thorpej@zembu.com>
From: None <opentrax@email.com>
List: tech-security
Date: 12/20/2000 04:51:02

On 17 Dec, Jason R Thorpe wrote:
> On Sun, Dec 17, 2000 at 12:29:05PM -0600, Tracy J. Di Marco White wrote:
> 
>  > As a system administrator, I consider RSA-based authentication not so much
>  > of a plus.  I manage systems with up to 45K users, and we mandate decent
>  > passwords.  Using RSA passphrase authentication allows people to circumvent
>  > our password rules, and in fact allows them to choose to have no passphrase
>  > at all.  We use Kerberos, and Kerberos encrypted telnet offers some moderate
>  > amount of encryption.
> 
> You could certainly disable RSA-based authentication.
> 
> But having RSA-based authentication for the host is definitely better than
> no authentication... but, yes, I'd much rather see a "Kerberos for everything"
> option available for SSH.
> 
Wait. Are you saying that you would prefer to use "Kerberos" over
the "public key authentication" described in SSH2?
Do you feel it more secure than SSH2?

> The biggest problem for large deployments of SSH is public key harvesting
> and distribution.  Kerberos would solve that.
> 
Could you expand on this?