On Thu, 10 Mar 2005, Christos Zoulas wrote:
> Alan Barrett  <apb@cequrux.com> wrote:
> >I thought that all references to pam_ssh were to be
> >disabled, following discussion on tech-security.  See
> >http://mail-index.NetBSD.org/tech-security/2005/02/27/0002.html,
> >http://mail-index.NetBSD.org/tech-security/2005/02/27/0005.html,
> >http://mail-index.NetBSD.org/tech-security/2005/02/27/0007.html.
> 
> Well, not the ones in sshd :-)

Why not?  The same argument holds in that case as in any other case:
Possession of the password to the SSH private key has traditionally
not been sufficient to login using SSH, and should not suddenly become
sufficient by default (though it's fine to give the sysadmin enough
rope).

--apb (Alan Barrett)