Re: [bitfolk] The perils of opening tcp/22 to the Internet

Author: Andy Smith
Date:
To: users
Subject: Re: [bitfolk] The perils of opening tcp/22 to the Internet

gpg: Signature made Sun Mar 14 11:35:42 2010 UTC using DSA key ID BF15490B
gpg: Good signature from "Andy Smith <andy@strugglers.net>"
gpg: aka "Andrew James Smith <andy@strugglers.net>"
gpg: aka "Andy Smith (UKUUG) <andy.smith@ukuug.org>"
gpg: aka "Andy Smith (BitFolk Ltd.) <andy@bitfolk.com>"
gpg: aka "Andy Smith (Linux User Groups UK) <andy@lug.org.uk>"
gpg: aka "Andy Smith (Cernio Technology Cooperative) <andy.smith@cernio.com>"
Hi Kalan,

On Sun, Mar 14, 2010 at 02:02:23PM +0300, Kalan wrote:
> On Sun, Mar 14, 2010 at 11:51, Andy Smith <andy@???> wrote:
> > 2) Don't use passwords at all, only keys.
> > A lot of people have trouble setting up SSH keys and I would guess
> > that very few customers have them before they get a VPS, so setting
> > it up out of the box to require keys would be rather limiting. So
> > that's (2) out.
>
> Forbidding passwords at all would be rude, but SSH keys definitely
> should be strongly promoted, and the best way is a good and visible
> guide explaining the very basic principles and setup details.


The thing about good and visible guides..

Okay, here's a template for the provisioning email:

http://pastie.org/private/qylguieq4zvm7i9sht17w

It hasn't really changed in the last 2 years. You may notice a
subtle yet repeated bit of advice in there.

Maybe it's too subtle, because it didn't really do anything to
decrease the number of support requests to reset console password. I
had to implement email reset instead. It seemed easier than visiting
people in person to etch it on the inside of their eyelids.

I'm all for people learning the hard way, but when it impacts on me
as well I have to be pragmatic...

> Keys might be encouraged by key authentication to all services (panel,
> nagios, etc). IIRC, steps towards this were announced, but I still
> have to reset my password every time I need to log in there! I have no
> passwords on my VPS and apparently no working password on console, and
> I would like to stop caring about them at all.


Difficult to use ssh keys to access a web service. Would OpenID be
of any use to you?

I'll have a look at your other difficulties off-list as that
shouldn't be the case..

> After this is implemented, new customers may be offered two options:
> — Do you want keys or passwords for auth?
> — WTF keys?
> — http://bitfolk.com/keys.html
> — Keys! Keys! Of course, keys!!!11111


I'm willing to get unsubtle about it, but I fear there are no bounds to
what can be ignored for the sake of convenience..

Cheers,
Andy