Re: ssh authentication configuration?
There should be no problem with using PasswordAuthentication with SSH
since the passwords are _NOT_ sent in the clear. Rather, the "clear
text" password is sent over the encrypted channel. From the SSH(1) man
The password is sent to the remote host for checking; however, since
all communications are encrypted, the password cannot be seen by
someone listening on the network.
On Wed, May 29, 2002 at 09:58:00AM +1000, Joshua Goodall wrote:
> On Tue, May 28, 2002 at 05:51:02PM -0700, Stephen Johnson wrote:
> > i've always disabled clear text passwords(PasswordAuthentication no),
> > and turn on pam auth (PAMAuthenticationViaKbdInt yes). That's always
> I'll assume you're using openssh version 3.x that's in the
> debian/testing distribution.
> The password will still be sent in the clear; there is a difference in
> the way the server handles it (that is, it palms off to PAM the
> responsibility of letting you in) and a difference in the way the
> client negotiates (iirc it's nonfunctional if the client doesn't request
> keyboard-interactive negotiation).
To UNSUBSCRIBE, email to email@example.com
with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org