OpenBSD Journal

PasswordAuthentication

Contributed by mk/reverse on from the how do we know it's really you dept.

yes 62.9% (554 votes)


no 37.1% (327 votes)


Total votes: 881

(Comments are closed)


Comments
  1. By Templeton Peck (62.175.42.214) on

    I use blockwords: sex, viagra, money...

  2. By Anonymous Coward (68.125.27.117) on

    Keys are nice.

  3. By Ian McWilliam (220.240.54.229) on

    Password Authentication on what?

    Comments
    1. By Michael Knudsen (217.157.199.114) on

      sshd_config(5)

      Comments
      1. By Ian McWilliam (220.240.54.229) on

        The Poll is exceptionally vague.................

        Comments
        1. By Rob Sessink (80.56.45.32) on

          meant to be

          Comments
          1. By Mike (207.65.179.13) on

            > meant to be

            Missing poll answer option -
            ( x ) Maybe

      2. By Ian McWilliam (220.240.54.229) on

        The Poll is exceptionally vague.................

        Comments
        1. By Anonymous Coward (218.138.164.87) on

          It's not vague at all, clearly you are a newbie to ssh.

  4. By Darren Tucker (203.206.247.88) on

    (x) Depends on where the connection is from.

  5. By ivlad (212.233.69.35) on

    Do one-time passwords count as well? ;)

    Comments
    1. By Michael Knudsen (217.157.199.114) on

      I think that would be `ChallengeResponseAuthentication'.

  6. By Paladdin (80.58.46.107) on

    As far as I need mobility and capability to access computers on a bunch of systems and platforms, I find passwords quite useful... And it doesn't take such an effort to learn a strong pass :) Just make sure you don't stick it on the computer screen :D

    Comments
    1. By Gabriel (200.221.124.40) on

      ONE strong pass is like writing it along the username!

      Comments
      1. By Paladdin (80.58.46.107) on

        Why? I don't think so. Sure, having the same pass in your .htaccess file and your ssh account could be a bad idea: if you have more admin accounts, others could see your password, but I usually don't have to face this kind of problem.

        And I think it's better to have one strong pass than write down ten passphrases on a paper...

        If I get mad about security, then I use certificates but... as said, and by the moment, passwords are right for me.

        Of course, this could change in the future! :)

        Comments
        1. By Paladdin (80.58.46.107) on

          Well... Did I mention earlier that my SymbianOS PuTTY port doesn't support anything but passwords? :)

          So, I can't live without PasswordAuthentication

          By the way, to all those funny BOFHs... It's really an amazing experience adding PF filters with your mobile phone (Nokias 60xx, SonyEricsson P800-900) while walking around, breathing fresh air. Try it!

          :D

  7. By James (151.203.103.8) on For undeadly??

    Maybe they mean for undeadly. I don't think password auth is necessary as identification isn't necessary, only the information or ideas one shares.

    Comments
    1. By Michael Knudsen (217.157.199.114) on

      It is a poll trying to show how many have disabled PasswordAuthentication in sshd.

      Comments
      1. By Michael Knudsen (217.157.199.114) on

        .. therefore the sshd_config(5) capitalisation.

  8. By cruel (195.39.211.10) on

    is it OpenBSD journal or ClosedBSD journal? if you say "let it be open", be open...

  9. By Sean Brown (204.209.209.129) on

    Only until kerberos is set up. BTW, does OpenSSH support LDAP for authorization? For that matter, does OpenBSD support LDAP at all?

    Comments
    1. By Anonymous Coward (24.102.88.31) on

      $ cd /usr/ports
      $ make search key=ldap | less

      Comments
      1. By Sean Brown (68.147.170.205) on

        Yes, OK, that was a broad question and that was stupid of me. I know that it's in ports but what I meant was does OpenBSD support LDAP Authentication, for instance using LDAP in place of NIS. Linux and Solaris use PAM, but as far as I know that would require rebuilding everything to support PAM. I'm sort of just talking to myself, I won't be looking into doing this for a few weeks.

        Comments
        1. By benz (62.212.101.66) on http://wiki.mirbsd.de/BennySiegert

          No, you need not use PAM (and you don't want to). OpenBSD uses BSD auth, so you need sysutils/login_ldap from ports. However, every user needs an entry in the passwd file because OpenBSD does not support nsswitch.

          --Benny.

          Comments
          1. By Sean Brown (204.209.209.129) on

            Thank you.

          2. By Michael Knudsen (217.157.199.114) on

            There was a patch on tech@ a few days ago you might want to check out if you need this.

            Comments
            1. By Sean Brown (204.209.209.129) on

              I couldn't find anything in a quick search of the archives, could you be more specific? Also anyone have details as to why PAM is such a bad idea, I'm really just getting into setting this up for myself.

              Comments
              1. By Michael Knudsen (217.157.199.114) on

                It's right here.

                Comments
                1. By Sean Brown (204.209.209.129) on

                  Thank you. I couldn't find it because I didn't search for nsswitch, but for LDAP. Silly me.

          3. By mirabile (213.196.251.237) on http://mirbsd.de/

            And, as we all know, PAM and nsswitch just introduce
            additional bloat, code paths and bugs. That's why it's
            good that OpenBSD does not implement nsswitch.

            (There is a kludge for YP/NIS+ though.)

  10. By mirabile (213.196.251.237) on http://mirbsd.de/

    Sure, keys are nice, and I'm actively advocating them.

    But they don't help with:
    * IMAP4 (over SSL) - I'm using ldap for these now
    * logins from "gimme a shell quick" boxen
    * logins from at work
    * lusers too stupid for PuTTYgen
    * me being too lazy or paranoid to wear S/Key passwords with me

    That's why I've got it set to yes, but I'm actually
    using my key like 70-75% of the time (95% if you count
    multiplexed sessions separate instead of as one).

    PS: Did I tell already just HOW much ssh multiplexing rocks?

  11. By Anonymous Coward (194.146.123.33) on

    no passwords suck...

    i use biometric foreskin scan (bfs[tm])

    Comments
    1. By Anonymous Coward (81.168.23.162) on

      how do you get the scanner up to your head?

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]