
Unfortunately, as an administrator (outside of a soft policy) there doesn't seem to be much I can do to ensure that my users have an encrypted ssh private key, nor can I control what other machine it's copied to. Which is something that's worrying when users add 5 different authorized_keys from this and this account on physical machines and VMs and Android devices.



Can you control from what machines they're willing to enter their passwords or that their chosen password is not re-used for ten public websites?

At least an RSA key has a limited scope-of-use and is something that you, the administrator, can monitor and revoke.

Adding another factor to that authentication can only help (if it's done right).



