SLUG Mailing List Archives
Re: [SLUG] Firewall security audit report
- To: slug@xxxxxxxxxxx
- Subject: Re: [SLUG] Firewall security audit report
- From: Dave Fitch <David_Fitch@xxxxxxxxx>
- Date: Wed Feb 28 08:01:02 2001
- Reply-to: David_Fitch@xxxxxxxxx
- User-agent: Mutt/1.2.5i
On Tue, Feb 27, 2001 at 11:54:20PM +1100, Ian Tester wrote:
> On Tue, 27 Feb 2001, chesty wrote:
> > We were advised to turn sshd PasswordAuthentication off because it allows
> > clear text passwords.
> > hey? That doesn't sound right.
> from ssh(1):
> If other authentication methods fail, ssh prompts the user for a pass-
> word. The password is sent to the remote host for checking; however,
> since all communications are encrypted, the password cannot be seen by
> someone listening on the network.
yeah but from my /etc/ssh/sshd_config:
# To disable tunneled clear text passwords, change to no here!
So I'm confused...