Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Richard Lefebvre
May 30, 2005, 3:58 pm
rate this thread
is that empty passphrase are not blocked. Empty password, yes but nothing
to prevent a user to use a key with an empty password. Is there a way to
block this for a OpenSSH server or SSH2 18.104.22.168?
Richard Lefebvre "Don't Panic"
quasi(@AROBAS)videotron(.POINT)ca -- THGTTG
Re: Blocking empty passphrase?
RL> I have been looking at configuration of servers. And one thing I
RL> noticed is that empty passphrase are not blocked. Empty password,
RL> yes but nothing to prevent a user to use a key with an empty
RL> password. Is there a way to block this for a OpenSSH server or
RL> SSH2 22.214.171.124?
No, because the concept doesn't make any sense. The server never sees the
client's private key. Even if it did, the key passphrase is an artifact
of how the key is stored on disk, and so has nothing to do with the
- » Brute force attack, exponential delay for reconnect?
- — Next thread in » Secure Shell Forum
- » ssh on command line: force using a group size (prime size) of 1024 (and no...
- — Newest thread in » Secure Shell Forum