From mboxrd@z Thu Jan 1 00:00:00 1970 From: Peter =?utf-8?q?M=C3=BCller?= To: development@lists.ipfire.org Subject: [PATCH] mark OpenSSH password authentication as insecure Date: Sun, 29 Apr 2018 11:27:48 +0200 Message-ID: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============2636090701675542017==" List-Id: --===============2636090701675542017== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Using password authentication for SSH access is quite risky since the security depends on the password strength. People should use public-key authentication instead. This partly fixes #11538. Signed-off-by: Peter M=C3=BCller --- langs/de/cgi-bin/de.pl | 2 +- langs/en/cgi-bin/en.pl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 07bef906b..477c23920 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -2156,7 +2156,7 @@ 'ssh key size' =3D> 'L=C3=A4nge (bits)', 'ssh keys' =3D> 'Authentifizierung auf Basis =C3=B6ffentlicher Schl=C3=BCsse= l zulassen', 'ssh no auth' =3D> 'Sie haben keinerlei Authentifizierungverfahren zugelasse= n; dies wird Ihre Anmeldung verhindern', -'ssh passwords' =3D> 'Passwortbasierte Authentifizierung zulassen', +'ssh passwords' =3D> 'Passwortbasierte Authentifizierung zulassen (Sicherhei= tsrisiko)', 'ssh port' =3D> 'SSH Port auf 22 setzen (Standard ist 222)', 'ssh portfw' =3D> 'TCP-Weiterleitung zulassen', 'ssh tempstart15' =3D> 'SSH-Deamon in 15 Minuten beenden', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index a343b3bd7..66356cc69 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -2194,7 +2194,7 @@ 'ssh key size' =3D> 'Size (bits)', 'ssh keys' =3D> 'Allow public key based authentication', 'ssh no auth' =3D> 'You have not allowed any authentication methods; this wi= ll stop you logging in', -'ssh passwords' =3D> 'Allow password based authentication', +'ssh passwords' =3D> 'Allow password based authentication (security risk)', 'ssh port' =3D> 'SSH port set to 22 (default is 222)', 'ssh portfw' =3D> 'Allow TCP forwarding', 'ssh tempstart15' =3D> 'Stop SSH demon in 15 minutes', --=20 2.13.6 --===============2636090701675542017== Content-Type: application/pgp-signature Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="signature.asc" MIME-Version: 1.0 LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KVmVyc2lvbjogR251UEcgdjIKCmlRSWNCQUVC Q2dBR0JRSmE1WkFVQUFvSkVObEk4Zzk5ZTU5b1cxUVArd1l3TmNZTUJ3c0pIYjI1UXRYdmxHWkIK eFUvRVNwNWZ0UUlrYXI2ZTRKUlYydklwZHRmOWM1MXRHRSsrZmNXcG9PVkw0TC9kZ0RIVnR2eEtC WWdZWUFTcAppMkt5UnlmR3VtakhsbXhiS095cDlsVVpmNTZVeFFCUXE4TURFYlFDWGdrQ1VJdmhW Tk1zWFRpUkw4WWNMUm9aCnRka3dqWkV6bjRhWDl4b0xkbnRwSnVNUmRENWNWSzdxSy9xQ1hOd2pU M0wzaHhPc0lndmVJZkovUko0VVBxSUQKSFU1dk9VMU9HOXhtQ1g4MVErNDkwNGt6bGxUQ3JDZ2VG VDNJYXNRbkhQM3pWazUzdTdMYWt1WTltd0RCWU05cQpOSFppeThUTW9wZ3BpNi9LRFY1Y2RQR2h0 NlZzejdWK1ZXeHd0WlJieUFyRWxUeFAzcXREaXZoMm9LRDNIMU1TCngxVlJrNHlNZ00xaXE0eHU5 Z2lQV0VUT2pjNkNnM0dpQy83am5Bckw1VlVtUVE5M2xaNHpkbEoyQkpSdFR4ejYKcXZlRUU2SXY2 UVZaM0lQbklYQjhtVVlIdVBPNFd6dk5SdDIwc05BTThGVFNyekpsbWVlVkhZdkZuVml0VXRSeAp2 ZzVXM0xMVmRiSTRCSndBa0paRUpja2o4eDNpMUdNei9vVk51UGJqZDl1WUs0Rnc3YjdKNXBuRWhP Vkh4QnozCjBaVHdIWkd6Z1JoL2FsZ0xuZ09UYnZ1TVhHdmY0bUVhL09xdEM2SWdZa3dJZUJmWXFq M05SMXpFMlBSTElFZkkKeVgrL2dBcDIzUWVnb3JmQXBBK20xazlEcUxTRmE2dDROQi9hY2N6QTgw Zk1EK1ozZEhyVkovbVJzQjB2NnArawpvNHpCS2VIOURGWFhNWjNySVlQOAo9Y2x4SwotLS0tLUVO RCBQR1AgU0lHTkFUVVJFLS0tLS0K --===============2636090701675542017==--