[ietf79-tech] password access to services and management
Randy Bush
randy at psg.com
Tue Nov 2 14:21:28 PDT 2010
without thinking much, i changed access to services-[12] and management
to ssh keyed only. i woke up at 04:30 to find i had hurt chelliot who
wanted to change his ssh key. so a bit of a decision/discussion.
i strongly recommend not allowing password access on anything but
console, which is esxi console in this case. it's just way too scary
from a security standpoint.
but making it key-only will mean key changes, when you do not have your
old key, and new accounts/keys would have to be done for the user by
someone who already has root ability.
so i think we might shut passwords off after a day or so. this gives
folk a chance to fix their accounts.
tsinghua folk, it's your box, so your choice.
btw, the disk space on the virtuals is so small i am having a problem
building kernels and world.
randy
More information about the ietf79-tech
mailing list