Is the reference to Robert Redford really needed here? --CezaryMorga

No. Foremost the content should be concise and easily understood for the potential BSD admin learners. Adding opinions, personalization, humour, and anecdotes (like this) sometimes helps "liven" up dry text. In my opinion, I prefer to keep extras to the bare minimum. I am open to discussion on this. But in this case, I think it is misleading and time-consuming (I never saw the film so now it makes me wonder what this is talking about). --reed

I suppose the question I need to ask, then, is how much real security background are you attempting to instill? Certainly the movie reference can be removed (next commit I'll handle this), but isn't the fact that security includes more than just rot13'ing your s.o.'s middle name for a password something the reader should understand? --KevinDKinsey

Just did some major revision and added quite a bit of stuff. I'm about done on this one except for bugs. Questions:

  1. "Providing a seed" --- we're talking about seeding /dev/random here to generate machine keys for sshd, right? Is this done the same way for all OS variants? If not, we need someone with more experience on other systems to take a look at this. It was my assumption that since all this stuff basically comes from Open, it was similar ... however, it's pretty apparent that /etc/rc.d/sshd came to Free from Net almost 5 years ago (and has been changed since), so what's the current status of this? Isn't the basic idea that we don't want people just hitting ENTER after installation and creating machine keys with an unseeded RNG?

  2. "Setting a passphrase" - should we even mention that we mean on the client's private key, not the machine's? I don't think I handled this very well....

  3. FIRE AWAY!! --- feel free to butcher as necessary. In particular, I'm aware that a lot of text formatting of things like file/device names and commands needs to be done. I'll also script(1) a few examples once we've got consensus (rectification??) of the things mentioned above.

--KevinDKinsey