Hacker News
by janosdebugs 734 days ago
There is nothing wrong with this approach if enabled as an informed decision. It's the part where they want to enable this by default I have a problem with.

Things that could be done are making password auth harder to configure to encourage key use instead, or investing time into making SSH CAs less of a pain to use. (See the linked paper, it's not a long read.)