Hello all:

The sshd_config file says (/etc/ssh/sshd_config) that:

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no

I have a question regarding this. Does this mean that if I enable password authentication (change it to yes) and log in to a computer via ssh using login name and password combination, the login name and password are sent as clear text (and easily can be sniffed)? I always thought that everything sent through the ssh channel is encrypted, even the password and login name. Was I wrong? Please explain it.

Thanks,
IG

Quoting Gabor Istvan <suseuser04@freemail.hu>:
Hello all:
The sshd_config file says (/etc/ssh/sshd_config) that:
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
I have a question regarding this. Does this mean that if I enable password authentication (change it to yes) and log in to a computer via ssh using login name and password combination, the login name and password are sent as clear text (and easily can be sniffed)? I always thought that everything sent through the ssh channel is encrypted, even the password and login name. Was I wrong?

The key word is "tunnelled". Your password is passed thru an encrypted tunnel. There are other authentication methods, RSA or DSA keys. Or a hash of the password combined with a challenge is passed instead of the password itself.

So what you are doing is moderately safe. Using key pairs is safer. Do "man ssh-keygen", "man ssh-agent" for details. If you decide to go this route, keychain can make life easier.

HTH,
Jeffrey
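
An added example, not part of the original thread: a small shell check that reports which PasswordAuthentication value applies globally in an sshd_config-style file, and whether any Match block turns passwords back on. The function name, the sample file and the "legacy" user are constructed for illustration; Include files are not followed.

```shell
#!/bin/sh
# Added example (not from the thread). sshd uses the first value it obtains
# for a keyword, keywords are case-insensitive, and settings after a Match
# line apply only to connections that satisfy that Match.

password_auth_status() {
    # $1: path to an sshd_config-style file
    awk '
        /^[ \t]*#/ { next }                      # comment line
        /^[ \t]*$/ { next }                      # blank line
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t=]+/)            # "Key value" or "Key=value"
            key = tolower(f[1]); val = f[2]
        }
        key == "match" { in_match = 1; next }
        key == "passwordauthentication" {
            if (in_match) { if (val == "yes") reenabled++ }
            else if (global == "") global = val  # first obtained value wins
        }
        END {
            if (global == "") global = "yes"     # OpenSSH default when unset
            printf "global=%s match_yes=%d\n", global, reenabled
        }
    ' "$1"
}

# Constructed sample config, not taken from a real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# To disable tunneled clear text passwords, change to no here!
PubkeyAuthentication yes
PasswordAuthentication no
PasswordAuthentication yes
Match User legacy
    PasswordAuthentication yes
EOF

password_auth_status "$sample"
rm -f "$sample"
```

On a live host, `sshd -T` prints the effective configuration as the daemon itself parses it and is the authoritative check.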

participants (2): Gabor Istvan, Jeffrey L. Taylor