l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
January 6: Social gathering
Next Installfest:
TBD
Latest News:
Nov. 18: Club officer elections
Page last updated:
2005 Jul 07 16:10

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] sshd_config and PasswordAuthentication
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] sshd_config and PasswordAuthentication




Micah J. Cowan wrote:
On Thu, Jul 07, 2005 at 10:57:53AM -0500, Jay Strauss wrote:

No, SSH never passes password across the net in cleartext. They are sent to
the remote host when using this option, which means that unless you have a
different password for each host, a malicious remote administrator could
capture your password and then use if to compromise your other accounts.
Feeling a bit stupid but I still don't understand what you mean

If I ssh from A to sveasoft - the password is encrypted
If I then ssh from sveasoft to C - the password is cleartext?

No. The ssh password is always tunneled, but it's tunnelled "cleartext".
This means that a sysadmin at sveasoft could rig their sshd to capture
the cleartext password to a file, and they could then use it at other
sites where you use the same password.

Note that before you ssh'd in, they don't have your password
unencrypted: they have a password hash.

I feel I'm going a little round and round here

Please correct me if I'm wrong, but I think you saying simply is that the data that comes out of the far side of the tunnel is clear text?

ie:

me --ssh/encrypted -- sveasoft -- tunnel/cleartext -- box C

BTW, sveasoft is just my own linksys router (at home) running a different firmware, you could substitute any linux box in for the sveasoft

But if I ssh to a box that has PasswordAuthentication yes, but then just do "vi" and other admin tasks, nothing is clear text between the 2 computers, including (most importantly) my password. The tunneling bit I'm not too worried about.

Furthermore if I, from the ssh session into my router, in turn ssh to another box, everything from box router -> c is encrypted, right?

Jay

Jay
_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech



LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
EDGE Tech Corp.
For donating some give-aways for our meetings.