Tugger the SLUGger!SLUG Mailing List Archives

Re: [SLUG] Firewall security audit report


On Tue, Feb 27, 2001 at 11:54:20PM +1100, Ian Tester wrote:
> On Tue, 27 Feb 2001, chesty wrote:
> > We were advised to turn sshd PasswordAuthentication off because it allows
> > clear text passwords. 
> > hey? That doesn't sound right.
> 
> from ssh(1):
>      If other authentication methods fail, ssh prompts the user for a pass-
>      word.  The password is sent to the remote host for checking; however,
>      since all communications are encrypted, the password cannot be seen by
>      someone listening on the network.

yeah but from my /etc/ssh/sshd_config:

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes

So I'm confused...
Dave