justin@shiningsilence.com wrote: >> * Do not allow any login, root or otherwise, via tunneled plaintext >> password (previously: non-root logins were allowed via plaintext password). > > This means that people won't be able to ssh into a new DragonFly system > until keys for any given account have been created, correct? > > Would it be worth changing the new user creation process to autocreate > keys too? I'm trying to think of ways to reduce the (admittedly already > small) administrative overhead from this. I think not allowing password-based logins will confuse a lot of people. I don't think that even OpenBSD does this. Maybe we should allow users to easily 1. enable OPIE (one time passwords) and 2. disable passwords for ssh but best not make this a default. cheers simon