-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, Jul 12, 2016 at 09:02:23AM -0400, Stefan Monnier wrote: > > That weak passwords are a problem in themselves or that other services > > get started right away after install too is irrelevant to the point > > made -- again IMHO. > > Reminds me of a need I couldn't conveniently satisfy: allow known weak > passwords on some specific user accounts but make sure you can not use > them remotely (in my case I only wanted to allow GDM logins for them). > > E.g. make it so that sshd only lets you login if your user is in the > "ssh-able" group or some such, just like we do for sudo.
I think that is what AllowGroups and DenyGroups (and their twins - -Users) in the sshd_config are for. Some proposals in this thread go in that direction. regards - -- tomás -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAleE64AACgkQBcgs9XrR2kZGowCfVcYyJycfRzPAx6DilG5Rha5A RnYAnRmQeH5VcjTUHCG1pBL01fMyosxI =j+xi -----END PGP SIGNATURE-----
