> I'm wondering whether there actually is a use case for (or, much
> resource savings to be obtained by) SSH logins that do *not* make
> $HOME available.
>
> Because if
> -- there are none,
> -- you *want* people to do *keypair* auth to log into the server, and
> -- sshd defers the password auth to PAM (as you said it does, above),
> I would expect that setting "AuthenticationMethods publickey,password"
> already does everything that's really required from the *server* side.

There is already a similar use case: OTPs. You log into an account with your OTP generator device, and at least on Gnome-based Linux you are then greeted with a prompt to unlock your keychain (which is protected with a password).

It's probably time to start thinking about solutions that no longer depend on a static password as the linch pin.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev