Public bug reported: Hi
The ubuntu installation came with my Kubuntu 10.10 contains /etc/ssh/sshd_config file with these lines: # Change to no to disable tunnelled clear text passwords #PasswordAuthentication yes Googling with the phrase like "Change to no to disable tunnelled clear text passwords" shows that many (if not all) recent versions of Ubuntu came with this comment. Analysis of all available information indicates that this is most likely wrong comment. This comment tells about sending of passwords unencrypted and it cannot be understood differently. Is this happening in reality? "man ssh" says somewhere in the middle of the very long novell, that it can never happen. So if this is happening, it should be fixed in order to make it impossible to happen. If this is not happening, it needs to correct this comment accordingly. There is also another option "RSAAuthentication", and it is not clear whether it should be involved to encrypt passwords. This lack of documentation makes users spend a lot of time. See discussion here: http://ubuntuforums.org/showthread.php?t=1621066 ** Affects: openssh (Ubuntu) Importance: Undecided Status: New -- tunnelled clear text passwords https://bugs.launchpad.net/bugs/677161 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
