Summary of password strength discussion
Chris Murphy
lists at colorremedies.com
Tue Jul 28 02:07:32 UTC 2015
On Mon, Jul 27, 2015 at 4:54 PM, Matthew Miller
<mattdm at fedoraproject.org> wrote:
> On Mon, Jul 27, 2015 at 03:49:55PM -0600, Chris Murphy wrote:
>> > I like this too, but editing sshd_config is more than a bit scary.
>> Not the user, the GUI asks a service to do the editing COW style -
>> write out a .new and once that succeeds, then rename current to old
>> and new to current.
>
> Yes, I assumed that. What if there is an existing configuration?
It would always use /etc/ssh/sshd_config whether it's the default
installed, or a user modified one. The GUI Remote Login toggle would
toggle both sshd.service stop/start/enable/disable states, and
AllowUsers list. So something has to be able to parse this file.
Maybe PAM can be leveraged for this, since sshd_config defers to PAM
already for authentication. So sshd could just ask PAM rather than
modifying sshd_config directly.
--
Chris Murphy
More information about the desktop
mailing list