On Tue, 2002-06-25 at 15:35, Florent Rougon wrote: > But the default sshd_config in the openssh-3.0.2p1 package has a comment > indicating the contrary: > > ,---- > | # To disable tunneled clear text passwords, change to no here! > | PasswordAuthentication yes > `---- > > and according to that comment, the default setting would be insecure...
Nope... it's just the way you read it... It's a tunnelled clear-text password, meaning the 'clear-text' password is transmitted trough the tunnel. The tunnel is encrypted. It just means that the password will be visible to roots on both ends of the tunnel, but not to anyone in between. So it's quite safe ;) -- Mark Janssen -- maniac(at)maniac.nl -- GnuPG Key Id: 357D2178 Unix / Linux, Open-Source and Internet Consultant @ SyConOS IT Maniac.nl Unix-God.Net|Org MarkJanssen.org|nl SyConOS.com|nl -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
