Re: ssh authentication configuration?
Hi Joshua,
There should be no problem with using PasswordAuthentication with SSH
since the passwords are _NOT_ sent in the clear. Rather, the "clear
text" password is sent over the encrypted channel. From the SSH(1) man
page:
The password is sent to the remote host for checking; however, since
all communications are encrypted, the password cannot be seen by
someone listening on the network.
Patrick
On Wed, May 29, 2002 at 09:58:00AM +1000, Joshua Goodall wrote:
> Stephen,
>
> On Tue, May 28, 2002 at 05:51:02PM -0700, Stephen Johnson wrote:
[snip]
> > i've always disabled clear text passwords(PasswordAuthentication no),
> > and turn on pam auth (PAMAuthenticationViaKbdInt yes). That's always
[snip]
> I'll assume you're using openssh version 3.x that's in the
> debian/testing distribution.
>
> The password will still be sent in the clear; there is a difference in
> the way the server handles it (that is, it palms off to PAM the
> responsibility of letting you in) and a difference in the way the
> client negotiates (iirc it's nonfunctional if the client doesn't request
> keyboard-interactive negotiation).
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: