On Thu, Jul 07, 2005 at 03:53:46PM -0500, Jay Strauss wrote: > > > Micah J. Cowan wrote: > > On Thu, Jul 07, 2005 at 10:57:53AM -0500, Jay Strauss wrote: > > > >>>No, SSH never passes password across the net in cleartext. They are sent to > >>>the remote host when using this option, which means that unless you have a > >>>different password for each host, a malicious remote administrator could > >>>capture your password and then use if to compromise your other accounts. > >> > >>Feeling a bit stupid but I still don't understand what you mean > >> > >>If I ssh from A to sveasoft - the password is encrypted > >>If I then ssh from sveasoft to C - the password is cleartext? > > > > > > No. The ssh password is always tunneled, but it's tunnelled "cleartext". > > This means that a sysadmin at sveasoft could rig their sshd to capture > > the cleartext password to a file, and they could then use it at other > > sites where you use the same password. > > > > Note that before you ssh'd in, they don't have your password > > unencrypted: they have a password hash. > > > > I feel I'm going a little round and round here > > Please correct me if I'm wrong, but I think you saying simply is that > the data that comes out of the far side of the tunnel is clear text?
That's right. It's not "clear" while it's "in the tunnel". > ie: > > me --ssh/encrypted -- sveasoft -- tunnel/cleartext -- box C I think that's right, although I'm not sure I entirely understand what I'm seeing above... ssh/encrypted and tunnel/cleartext are the same thing, unless the first one is intended to represent assymetric (public/private) key encryption. Assuming that you're not using assymetric key encryption at any point, the password is "cleartext" at every terminating point in the above (me, sveasoft and box C), but at no point in between. > BTW, sveasoft is just my own linksys router (at home) running a > different firmware, you could substitute any linux box in for the sveasoft > > But if I ssh to a box that has PasswordAuthentication yes, but then just > do "vi" and other admin tasks, nothing is clear text between the 2 > computers, including (most importantly) my password. The tunneling bit > I'm not too worried about. No, it's clear text at the destination box, in terms of the sysadmin (who could potentially read sshd's memory to see what it decrypted, and hence the decrypted clear-text password), and in terms of the sshd owner (who may have modified sshd to capture the password after decrypting it). > Furthermore if I, from the ssh session into my router, in turn ssh to > another box, everything from box router -> c is encrypted, right? Everything on an ssh connection from any box to any other box is encrypted. It's the termination points that are the problem (keylogging/ssh-prog capturing at origin, capturing or sysadmin-snooping at destination). The reason why public key cryptography is preferred, is that you prove to the destination box that you are who you say you are, without allowing the destination box to turn around and "prove" that /it/ is who /you/ say you are. What's wrong with PasswordAuthentication in a nutshell is, in order to authenticate yourself, both you and the destination host know your password. _______________________________________________ vox-tech mailing list [email protected] http://lists.lugod.org/mailman/listinfo/vox-tech
