l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
October 7: Social gathering
Next Installfest:
TBD
Latest News:
Aug. 18: Discounts to "Velocity" in NY; come to tonight's "Photography" talk
Page last updated:
2005 Jul 15 02:10

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] sshd_config and PasswordAuthentication
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] sshd_config and PasswordAuthentication



På 2005-07-07, skrev Jay Strauss:
> Hi,
> 
> I have a sveasoft box, and in order to ssh from the sveasoft to a target 
> box, the target box must have PasswordAuthentication yes in the 
> /etc/ssh/sshd_config file.
> 
> I don't understand what that config option actually does.  The config 
> file has:
> 
> # To disable tunneled clear text passwords, change to no here!
> 
> Does this mean you can send clear text passwords to login?
> Does this mean that when you build a tunnel, passwords are sent clear 
> text to the forwarded app?

No, SSH never passes password across the net in cleartext. They are sent to
the remote host when using this option, which means that unless you have a
different password for each host, a malicious remote administrator could
capture your password and then use if to compromise your other accounts.

With PasswordAuthentication set to no, SSH-key authentication must be used
instead of a password. This method uses public/private key pairs created by
ssh-keygen(1) to authenticate. This is generally considered more secure than
tunneled-password authencation for reasons than someone else can explaim
better than I can.

I use SSH-key authentication and have disables tunneled-password
authentication for all me Internet-accessible hosts.

-- 
Henry House
+1 530 753 3361 ext. 13
Please don't send me HTML mail! My mail system usually rejects it.
The unintelligible text that may follow is a digital signature.
See <http://hajhouse.org/pgp> to find out how to use it.
My OpenPGP key: <http://hajhouse.org/hajhouse.asc>.

Attachment: signature.asc
Description: Digital signature

_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech


LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
EDGE Tech Corp.
For donating some give-aways for our meetings.