Repeating the Web's Mistakes (was gemini+submit:// (was Re: Uploading Gemini content))
jes
j3s at c3f.net
Mon Jun 15 03:26:45 BST 2020
On 6/14/20 8:31 PM, Matthew Graybosch wrote:
> On Sun, 14 Jun 2020 15:34:08 -0500
> I've also seen some forum posts suggesting that I can disable password
> authentication for all users by default, and then allow exceptions for
> particular users. This might help me harden Tanelorn without making
> things harder for less-skilled users who haven't gotten the hang of
> generating a ssh key and copying it yet.

Up to you! In my mind turning off password auth is priority number one - but
since you have users who could be confused by it, it's up to you and
your own risk tolerance.

If any of these users are able to switch to the root user or similar,
I'd say that you must disable password auth now regardless of what your
users prefer.

You may consider setting MaxAuthTries to a reasonable value (say, 3 or
4) which will lock user accounts that fail password auth that many times.

j3s
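
The setup discussed in this thread (password authentication off by default, with exceptions for named users), written out as an added sshd_config fragment that is not part of either message. The user names alice and bob are placeholders, and the fragment assumes OpenSSH's sshd.

```conf
# /etc/ssh/sshd_config (fragment)

# Global default: public keys only.
PubkeyAuthentication yes
PasswordAuthentication no

# With "UsePAM yes", keyboard-interactive can still prompt for a password
# even when PasswordAuthentication is "no", so turn it off as well.
# On older OpenSSH releases this keyword is ChallengeResponseAuthentication.
KbdInteractiveAuthentication no

# Per sshd_config(5): the maximum number of authentication attempts
# permitted per connection.
MaxAuthTries 3

# Exceptions go in Match blocks, which must come after the global settings
# because a Match block extends to the next Match line or the end of the file.
# Keep this list short, and do not include anyone who can become root.
Match User alice,bob
    PasswordAuthentication yes

# Before reloading sshd, check the syntax and then the effective setting
# for an excepted user and for a non-excepted one (run as root):
#   sshd -t
#   sshd -T -C user=alice,host=localhost,addr=127.0.0.1 | grep -i passwordauthentication
#   sshd -T -C user=carol,host=localhost,addr=127.0.0.1 | grep -i passwordauthentication
```

Keep an existing session open while reloading so a mistake in the file does not lock you out.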