Richard,
> Yes I have used the TTSSH for a couple of years now... but somehow I got it
> in my head that SSH1 established connections with a plain text password
> transmissions?
Nope, plaintext password transmission would be telnet. SSH1 uses the
RSA encryption algorithm for its authentication keys. SSH2 introduced
the use of the stronger DSA algorithm, and also provided a means that
other encryption methods could be used. I believe the folks at ssh.com
also introduced some licensing changes with SSH2, which then provoked
folks to start the OpenSSH project off of a version of the 1.x codebase.
A quick search at http://www.linuxdoc.org/ (the LDP) yielded this:
http://www.linuxdoc.org/LDP/LG/issue61/dellomodarme.html
A quick search at http://www.google.com/ on "ssh1 ssh2 difference" brought up
a range of results, including (both of which have a chart of encryption
algorithms):
http://www.talug.org/minutes/20000614/ssh/
http://doherty.ldgo.columbia.edu/NETWORK/ssh/ssh-faq-1.html (good details)
So, no, it doesn't use plain text passwords at all.
Telnet, on the other hand, **does** transmit passwords in plaintext, which is
why we repeatedly and STRONGLY encourage people NOT to use telnet and to use
ssh instead.
Regards,
Dan
--
Please report bugs to [EMAIL PROTECTED]
Please mail [EMAIL PROTECTED] (only) to discuss security issues
Support for registered customers and partners to [EMAIL PROTECTED]
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
