On 2005-07-07, Jay Strauss wrote:
> Hi,
>
> I have a sveasoft box, and in order to ssh from the sveasoft to a target
> box, the target box must have PasswordAuthentication yes in the
> /etc/ssh/sshd_config file.
>
> I don't understand what that config option actually does. The config
> file has:
>
> # To disable tunneled clear text passwords, change to no here!
>
> Does this mean you can send clear text passwords to login?
> Does this mean that when you build a tunnel, passwords are sent clear
> text to the forwarded app?

No, SSH never passes passwords across the net in cleartext. They are sent to the remote host when using this option, which means that unless you have a different password for each host, a malicious remote administrator could capture your password and then use it to compromise your other accounts.

With PasswordAuthentication set to no, SSH-key authentication must be used instead of a password. This method uses public/private key pairs created by ssh-keygen(1) to authenticate. This is generally considered more secure than tunneled-password authentication for reasons that someone else can explain better than I can.

I use SSH-key authentication and have disabled tunneled-password authentication for all my Internet-accessible hosts.

-- 
Henry House
+1 530 753 3361 ext. 13
Please don't send me HTML mail! My mail system usually rejects it.
The unintelligible text that may follow is a digital signature.
See <http://hajhouse.org/pgp> to find out how to use it.
My OpenPGP key: <http://hajhouse.org/hajhouse.asc>.
_______________________________________________
vox-tech mailing list
[email protected]
http://lists.lugod.org/mailman/listinfo/vox-tech
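
An added example, not part of the original messages: a small Python check that reports the effective PasswordAuthentication value for an sshd_config text, applying sshd's rules that the first value obtained for a keyword wins and that the option defaults to yes when unset. The sample configs and the function name password_auth are constructed for illustration; Include files are not followed and Match criteria are only reported, not evaluated.

```python
import re

# Constructed sample: the option is only present as a comment, so the default applies.
WEAK = """\
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication no
PubkeyAuthentication yes
"""

# Constructed sample: disabled globally, but a Match block re-enables it for one user.
HARDENED = """\
PasswordAuthentication no
PubkeyAuthentication yes
# The next line is ignored by sshd: the first value obtained wins.
passwordauthentication yes
Match User backup
    PasswordAuthentication yes
"""

def password_auth(config_text):
    """Return (global_value, overrides) for PasswordAuthentication.

    overrides maps each Match block's criteria string to the value set inside it.
    """
    global_value = None
    overrides = {}
    current_match = None  # None while still in the global section
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace or by a single '='.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        keyword = parts[0].lower()  # keywords are case-insensitive
        arg = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            current_match = arg
        elif keyword == "passwordauthentication":
            if current_match is None:
                if global_value is None:  # first occurrence wins
                    global_value = arg
            else:
                overrides.setdefault(current_match, arg)
    # sshd's built-in default when the option is never set is "yes".
    return (global_value or "yes", overrides)

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, password_auth(text))
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check.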
