No, SSH never passes password across the net in cleartext. They are sent to the remote host when using this option, which means that unless you have a different password for each host, a malicious remote administrator could capture your password and then use if to compromise your other accounts.
Feeling a bit stupid but I still don't understand what you mean If I ssh from A to sveasoft - the password is encrypted If I then ssh from sveasoft to C - the password is cleartext?
With PasswordAuthentication set to no, SSH-key authentication must be used instead of a password. This method uses public/private key pairs created by ssh-keygen(1) to authenticate. This is generally considered more secure than tunneled-password authencation for reasons than someone else can explaim better than I can.
This is what I thought that option did, but I have PasswordAuthentication no on most of my boxes but don't use a key pair to log in. I get prompted for a password and I type that in, and I'm logged on.
Thanks Jay _______________________________________________ vox-tech mailing list [email protected] http://lists.lugod.org/mailman/listinfo/vox-tech
