Re: [vox-tech] sshd_config and PasswordAuthentication

[hajhouseMAPS@houseag.com (Henry House)]

På 2005-07-07, skrev Jay Strauss:
> Hi,
> 
> I have a sveasoft box, and in order to ssh from the sveasoft to a target 
> box, the target box must have PasswordAuthentication yes in the 
> /etc/ssh/sshd_config file.
> 
> I don't understand what that config option actually does.  The config 
> file has:
> 
> # To disable tunneled clear text passwords, change to no here!
> 
> Does this mean you can send clear text passwords to login?
> Does this mean that when you build a tunnel, passwords are sent clear 
> text to the forwarded app?

No, SSH never passes password across the net in cleartext. They are sent to
the remote host when using this option, which means that unless you have a
different password for each host, a malicious remote administrator could
capture your password and then use if to compromise your other accounts.

With PasswordAuthentication set to no, SSH-key authentication must be used
instead of a password. This method uses public/private key pairs created by
ssh-keygen(1) to authenticate. This is generally considered more secure than
tunneled-password authencation for reasons than someone else can explaim
better than I can.

I use SSH-key authentication and have disables tunneled-password
authentication for all me Internet-accessible hosts.

-- 
Henry House
+1 530 753 3361 ext. 13
Please don't send me HTML mail! My mail system usually rejects it.
The unintelligible text that may follow is a digital signature.
See <http://hajhouse.org/pgp> to find out how to use it.
My OpenPGP key: <http://hajhouse.org/hajhouse.asc>.

Attachment: signature.asc
Description: Digital signature

_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech