Dr Andrew C Aitchison <[log in to unmask]> writes:
> On Wed, 1 Oct 2008, Brett Viren wrote:
>
>> Now we disallow passwords entirely on any publicly visible SSH
>> server (and so should you) so it's less useful.
>
> Does anyone have experience of training over a hundred academics
> to use ssh keys for remote login from random places all over the
> world ?
Unfortunately, yes. However, with enough effort, they can be trained!
We had no choice but to switch however part of what helped was good
documentation, which I hope to say we have here:
http://www.phy.bnl.gov/computing/index.php/Remote_Access
In the end everyone that previously used SSH passwords here were able
to handle the switch without too much grumbling. Some of those that
went further to use ssh-agent were even happier than before.
And it had real results. We went from about one compromise via SSH
per month to essentially zero.
-Brett.