Add new comment

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Great how-to, but for PCI compliance, you might need more
Submitted by nowen (registered user) on Thu, 2008-01-24 23:35.
SSH is a great, secure tool and these suggestions are great. I would add that if you need to be PCI compliant or face some other audit requirements, you might need something more than public-key authentication.  With SSH public-key authentication:

There is no way to control which users have public key authorization
There is no way to enforce passphrase complexity (or even be sure that one is being used)
There is no way to expire a public key

as I discussed here:http://www.howtoforge.com/secure_ssh_with_wikid_two_factor_authentication

nick
Please do not use the comment function to ask for help! If you need help, please use our forum.
Comments will be published after administrator approval.

Reply

*
*
The content of this field is kept private and will not be shown publicly.


*

  • Images can be added to this post.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <img> <div>
  • Lines and paragraphs break automatically.
More information about formatting options