Re: [vox-tech] sshd_config and PasswordAuthentication

To: lugod's technical discussion forum <vox-tech@lists.lugod.oMAPSrg>
Subject: Re: [vox-tech] sshd_config and PasswordAuthentication
From: Jay Strauss <me@heyjMAPSay.com>
Date: Thu, 07 Jul 2005 10:57:53 -0500
Delivered-to: lugod@livepenguin.com
Delivered-to: vox-tech@livepenguin.com
In-reply-to: <20050707144351.GA6639@houseag.com>
List-archive: <http://ns1.livepenguin.com/pipermail/vox-tech>
List-help: <mailto:vox-tech-request@lists.lugod.org?subject=help>
List-id: lugod's technical discussion forum <vox-tech.lists.lugod.org>
List-post: <mailto:vox-tech@lists.lugod.org>
List-subscribe: <http://lists.lugod.org/mailman/listinfo/vox-tech>,<mailto:vox-tech-request@lists.lugod.org?subject=subscribe>
List-unsubscribe: <http://lists.lugod.org/mailman/listinfo/vox-tech>,<mailto:vox-tech-request@lists.lugod.org?subject=unsubscribe>
References: <42CD34CA.1090208@heyjay.com> <20050707144351.GA6639@houseag.com>
Reply-to: lugod's technical discussion forum <vox-tech@lists.lugodMAPS.org>
Sender: vox-tech-bounces@lists.lugod.MAPSorg
User-agent: Mozilla Thunderbird 0.9 (Windows/20041103)

No, SSH never passes password across the net in cleartext. They are sent to
the remote host when using this option, which means that unless you have a
different password for each host, a malicious remote administrator could
capture your password and then use if to compromise your other accounts.

Feeling a bit stupid but I still don't understand what you mean

If I ssh from A to sveasoft - the password is encrypted
If I then ssh from sveasoft to C - the password is cleartext?

With PasswordAuthentication set to no, SSH-key authentication must be used
instead of a password. This method uses public/private key pairs created by
ssh-keygen(1) to authenticate. This is generally considered more secure than
tunneled-password authencation for reasons than someone else can explaim
better than I can.

This is what I thought that option did, but I have PasswordAuthentication no on most of my boxes but don't use a key pair to log in. I get prompted for a password and I type that in, and I'm logged on.

Thanks
Jay

_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech

Follow-Ups:
- Re: [vox-tech] sshd_config and PasswordAuthentication
  - From: David Hummel
- Re: [vox-tech] sshd_config and PasswordAuthentication
  - From: Micah J. Cowan

References:
- [vox-tech] sshd_config and PasswordAuthentication
  - From: Jay Strauss
- Re: [vox-tech] sshd_config and PasswordAuthentication
  - From: Henry House

Prev by Date: Re: [vox-tech] Matching Contents of Lists
Next by Date: Re: [vox-tech] sshd_config and PasswordAuthentication
Previous by thread: Re: [vox-tech] sshd_config and PasswordAuthentication
Next by thread: Re: [vox-tech] sshd_config and PasswordAuthentication
Index(es):
- Date
- Thread

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
1105 Kennedy Place, Suite 1, Davis, CA 95616
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.