[vox-tech] sshd_config and PasswordAuthentication
Jay Strauss
me at heyjay.com
Thu Jul 7 08:57:53 PDT 2005
> No, SSH never passes password across the net in cleartext. They are sent to
> the remote host when using this option, which means that unless you have a
> different password for each host, a malicious remote administrator could
> capture your password and then use if to compromise your other accounts.
Feeling a bit stupid but I still don't understand what you mean
If I ssh from A to sveasoft - the password is encrypted
If I then ssh from sveasoft to C - the password is cleartext?
>
> With PasswordAuthentication set to no, SSH-key authentication must be used
> instead of a password. This method uses public/private key pairs created by
> ssh-keygen(1) to authenticate. This is generally considered more secure than
> tunneled-password authencation for reasons than someone else can explaim
> better than I can.
This is what I thought that option did, but I have
PasswordAuthentication no on most of my boxes but don't use a key pair
to log in. I get prompted for a password and I type that in, and I'm
logged on.
Thanks
Jay
More information about the vox-tech
mailing list