- To: slug@xxxxxxxxxxx
- Subject: Re: [SLUG] Firewall security audit report
- From: Dave Fitch <David_Fitch@xxxxxxxxx>
- Date: Wed Feb 28 08:01:02 2001
- Reply-to: David_Fitch@xxxxxxxxx
- User-agent: Mutt/1.2.5i
On Tue, Feb 27, 2001 at 11:54:20PM +1100, Ian Tester wrote:
> On Tue, 27 Feb 2001, chesty wrote:
> > We were advised to turn sshd PasswordAuthentication off because it allows
> > clear text passwords.
> > hey? That doesn't sound right.
>
> from ssh(1):
> If other authentication methods fail, ssh prompts the user for a
> password. The password is sent to the remote host for checking; however,
> since all communications are encrypted, the password cannot be seen by
> someone listening on the network.

Yeah, but from my /etc/ssh/sshd_config:

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes

So I'm confused...
Dave
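
Added example, not part of the original message or of OpenSSH: a small shell check that reports which PasswordAuthentication value an sshd_config actually yields, since the keyword is case-insensitive, the first value obtained wins, and an absent keyword means yes. The function names and the sample file are constructed for illustration; Include directives are not followed, and settings inside Match blocks are only counted.

```shell
#!/bin/sh
# Added example (not from the original thread).
# Prints "<global value> <number of settings inside Match blocks>".
# Rules from sshd_config(5): keywords are case-insensitive, the first value
# obtained for a keyword is used, and PasswordAuthentication defaults to yes.
# Assumption: Include directives are not followed.
password_auth_setting() {
    awk '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]/)        # keyword ends at whitespace or "="
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))
            arg = substr(line, n)
            sub(/^[ \t]*=?[ \t]*/, "", arg)  # drop the separator
            sub(/[ \t]+$/, "", arg)
            if (key == "match") { in_match = 1; next }
            if (key != "passwordauthentication") next
            if (in_match) { overrides++; next }
            if (val == "") val = arg         # first global value wins
        }
        END {
            if (val == "") val = "yes"       # keyword absent: default applies
            print val, overrides + 0
        }
    ' "$1"
}

# Constructed sample: the two lines quoted in the post, plus a later
# duplicate and a Match block to show which value is the effective one.
write_sample_config() {
    cat > "$1" <<'EOF'
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
passwordauthentication no
Match User backup
    PasswordAuthentication no
EOF
}

sample=$(mktemp)
write_sample_config "$sample"
password_auth_setting "$sample"
rm -f "$sample"
```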