This got me thinking, shouldn't this go through PAM so that password
strength restrictions can be set as well? Obviously most ssh keys are
created locally. But, if this were implemented, I think most distros
would adopt the same strength criteria on this as they do with passwd
and the like.
---------- Forwarded message ----------
From: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date: Wed, Sep 3, 2014 at 11:39 AM
Subject: Re: making the passphrase prompt more clear
To: Alex Bligh <alex at alex.org.uk>, Nico Kadel-Garcia <nkadel at
gmail.com>
Cc: Aidan Feldman <aidan.feldman at gmail.com>,
"openssh-unix-dev at mindrot.org" <openssh-unix-dev at
mindrot.org>
On 09/03/2014 07:42 AM, Alex Bligh wrote:>
> On 3 Sep 2014, at 12:05, Nico Kadel-Garcia <nkadel at gmail.com>
wrote:
>
>> What a *sensible* person! Kudos to you for catching just the sort of
>> thing that irritates or confuses people, especially new users.
>>
>> I'd suggest "Enter passphrase for key (empty for no
passphrase)"
>
> +1 on both points. Save that I'd perhaps say
>
> "Enter new passphrase for key (empty for none)"
>
> "new" because otherwise it can be construed as asking for an
> existing passphrase, and "none" because it's shorter.
I like Alex's wording. It's concise, and it avoids the ambiguity of the
current prompt.
Thanks for raising this, Aidan!
--dkg
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev at mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 968 bytes
Desc: not available
URL:
<http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20140904/fbeb62b5/attachment.bin>