02-16-2011
11,728,
1,345
Join Date: Feb 2004
Last Activity: 8 May 2020, 9:07 AM EDT
Location: NM
Posts: 11,728
Thanks Given: 903
Thanked 1,345 Times in 1,201 Posts
You cannot let users access the ssh-keygen image directly.
Put ssh-keygen in a special directory, then create a shell script with the same name in place of ssh-keygen that intercepts passpahrase changes and enforces the IT security ruleset. It then calls ssh-keygen correctly when needed.