SSH and clear text passwords
Part of sshd_config reads:
Quote:
Or does this apply only in certain tunneling situations?

Those two lines are commented out, so they do not apply.

Right, but the default is PasswordAuthentication yes
So the question remains...

IIRC, the password is sent as clear text through the SSH tunnel, which is an encrypted connection using the host keys, which is what SSL does as well, I believe.
http://www.linuxquestions.org/questi...r-text-475260/
http://www.mail-archive.com/debian-s.../msg23024.html

Quote:
So user/passwords are sent encrypted then?

Passwords are sent in the clear across the encrypted "tunnel" just like chess says. You type your password and those characters are transferred to the remote machine. An outsider will not be able to intercept your password unless he is able to break the encryption, which is highly unlikely.
The purpose of the configuration parameter "PasswordAuthentication" is that you can set it to "No" to enforce the use of private/public key pairs as the only means of authentication instead of passwords.
Eric

Thanks,
The wording just seems really odd to me. Not trying to be fastidious, but just want to understand better. Do we have 2 hypothetical situations then?
1. we encrypt something, then send the packet(s) out. We say it's encrypted.
2. we send the packets out as is (in clear text) but across an encrypted tunnel.
So if I understand correctly, the wording in the sshd_config file refers to situation 2.

Yes. The first situation is what happens when you send a GPG-encrypted email. The email is sent out across the interweb in clear text, but it just so happens that clear text is encrypted and wouldn't make sense to anyone with the appropriate GPG keys. The second situation is what SSH does, which is also how you can tunnel and connect to services over SSH that use clear text passwords, like POP3 and SMTP.

Quote:
(#2 still applies to your question.)

Thanks, that clears it up!

Quote:
If I use "PasswordAuthentication no" and "ChallengeResponseAuthentication yes", and instead of creating a key I enter my password, how will the password be transferred? Still clear text via encryption tunnel?
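
Added example, not part of the thread and not code from OpenSSH: a small Python audit of the two settings discussed above. It reads sshd_config text, skips commented-out lines so the default applies, and reports whether password or keyboard-interactive login is still enabled. The defaults (both `yes`, taken from upstream OpenSSH), the sample configs and the function names are assumptions made for this example; only the global section before any `Match` block is evaluated.

```python
import re

# Upstream OpenSSH defaults, used when a keyword is absent or commented out
# (assumption: a distribution package may ship different values).
DEFAULTS = {"passwordauthentication": "yes",
            "challengeresponseauthentication": "yes"}
# Newer OpenSSH releases spell the second keyword KbdInteractiveAuthentication.
ALIASES = {"kbdinteractiveauthentication": "challengeresponseauthentication"}

# Constructed sample configs (not taken from the thread).
SAMPLE_COMMENTED = "#PasswordAuthentication no\n#ChallengeResponseAuthentication no\n"
SAMPLE_MIXED = "PasswordAuthentication no\nChallengeResponseAuthentication yes\n"
SAMPLE_KEYS_ONLY = ("PasswordAuthentication no\n"
                    "KbdInteractiveAuthentication no\n"
                    "PasswordAuthentication yes\n")


def effective_auth(config_text):
    """Return the effective global values of the keywords in DEFAULTS."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out line does not apply; the default stays
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()  # keywords are case-insensitive
        if keyword == "match":
            break  # conditional blocks are out of scope for this check
        keyword = ALIASES.get(keyword, keyword)
        value = parts[1].split() if len(parts) == 2 else []
        if keyword in DEFAULTS and value:
            # sshd uses the first value it obtains for each keyword
            seen.setdefault(keyword, value[0].strip('"').lower())
    return {k: seen.get(k, default) for k, default in DEFAULTS.items()}


def password_login_enabled(config_text):
    """True if password or keyboard-interactive authentication is enabled."""
    return "yes" in effective_auth(config_text).values()


if __name__ == "__main__":
    for name in ("SAMPLE_COMMENTED", "SAMPLE_MIXED", "SAMPLE_KEYS_ONLY"):
        text = globals()[name]
        print(name, effective_auth(text), password_login_enabled(text))
```

On a live host, `sshd -T` prints the effective configuration, including compiled-in defaults and included files, and is the authoritative source for the same check.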