Re: ssh and password authentication

To: Florent Rougon <florent.rougon@free.fr>
Cc: debian-security@lists.debian.org
Subject: Re: ssh and password authentication
From: Mark Janssen <maniac@maniac.nl>
Date: 25 Jun 2002 15:44:12 +0200
Message-id: <[🔎] 1025012653.1277.10.camel@ninja>
In-reply-to: <[🔎] 87fzzbtrag.fsf@florent.hn.org>
References: <[🔎] 87fzzbtrag.fsf@florent.hn.org>

On Tue, 2002-06-25 at 15:35, Florent Rougon wrote:
> But the default sshd_config in the openssh-3.0.2p1 package has a comment
> indicating the contrary:
> 
> ,----
> | # To disable tunneled clear text passwords, change to no here!
> | PasswordAuthentication yes
> `----
> 
> and according to that comment, the default setting would be insecure...

Nope... it's just the way you read it... It's a tunnelled clear-text
password, meaning the 'clear-text' password is transmitted trough the
tunnel. The tunnel is encrypted. It just means that the password will be
visible to roots on both ends of the tunnel, but not to anyone in
between.

So it's quite safe ;)

-- 
Mark Janssen -- maniac(at)maniac.nl -- GnuPG Key Id: 357D2178
Unix / Linux, Open-Source and Internet Consultant @ SyConOS IT
Maniac.nl Unix-God.Net|Org MarkJanssen.org|nl SyConOS.com|nl


-- 
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: ssh and password authentication
  - From: Florent Rougon <florent.rougon@free.fr>

References:
- ssh and password authentication
  - From: Florent Rougon <florent.rougon@free.fr>

Prev by Date: ssh and password authentication
Next by Date: Re: ssh and password authentication
Previous by thread: ssh and password authentication
Next by thread: Re: ssh and password authentication
Index(es):
- Date
- Thread