Hi.

First: I've created this mailinglist (users@common-lisp.net) so I can reach you all at once. Only the maintainer of the server (ie moi) can post to this list and I intend to do so as rarely as I can get away with.

I'm emailing you today because I'm worried about all the brute force SSH attacks on clnet and I think I have a solution which may affect how you authenticate with clnet via SSH. What I propose to do is disallow password-based logins and only allow publickey-based ones. This basically means that everyone is forced to do passwordless logins which is a win-win, I think.

However, you may feel otherwise, thus this email. Reply to me with your thoughts on why I should not do this. After hearing your thoughts and if I still want to go ahead with it I'll email this list with the date by which you should have your public key configured and set up. If we do this I'll also add a mini-howto section to the FAQ describing how to do this.

Thanks, Erik.