Open jonasstein opened 4 years ago
I suggest that tmate requires public key authentication to increase the security by default (security by design).
It should not fall back to the unsafe keyless mode if the key is not found.
tmate --ignorekey should overwrite this requirement and allow the more insecure mode.
I fully support this!
How would that work for HTML5 clients?
The server can set tmate --ignorekey to fall back to the less secure method if the HTML5 client cannot handle public key authentication.