Tugger the SLUGger! SLUG Mailing List Archives

Re: [SLUG] Firewall security audit report


The key word is "tunneled".  The traffic is still encrypted.  The
PasswordAuthentication option avoids or allows using the account password
at all.

-- 
Howard.
____________________________________________________
LANNet Computing Associates <http://lannetlinux.com>
"...well, it worked before _you_ touched it!"   --me
"I trust just one person,
 and there are times when I don't even trust myself"
                                                --me

On Wed, 28 Feb 2001, Dave Fitch wrote:

> On Tue, Feb 27, 2001 at 11:54:20PM +1100, Ian Tester wrote:
> > On Tue, 27 Feb 2001, chesty wrote:
> > > We were advised to turn sshd PasswordAuthentication off because it allows
> > > clear text passwords.
> > > hey? That doesn't sound right.
> >
> > from ssh(1):
> >      If other authentication methods fail, ssh prompts the user for a pass-
> >      word.  The password is sent to the remote host for checking; however,
> >      since all communications are encrypted, the password cannot be seen by
> >      someone listening on the network.
>
> yeah but from my /etc/ssh/sshd_config:
>
> # To disable tunneled clear text passwords, change to no here!
> PasswordAuthentication yes
>
> So I'm confused...
> Dave
>
>
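
Added example, not part of the original thread and not written by any of the posters: a shell check an auditor could run to see which PasswordAuthentication value a given sshd_config yields. It follows the sshd_config(5) rules that keywords are case-insensitive, the first value for a keyword wins, the default is "yes", and lines after a Match line apply only to matching connections. The function name, the sample file and the "Match User backup" block are assumptions made for illustration.

```shell
#!/bin/sh
# password_auth_report FILE  (hypothetical helper, added example)
# Prints "global=<value>" plus one "match[<criteria>]=<value>" line for every
# Match block that sets PasswordAuthentication.
password_auth_report() {
    awk '
        { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
        $0 == "" || /^#/ { next }          # blank lines and comments
        {
            # Accept "Key value", "Key=value" and "Key = value".
            key = $0; sub(/[ \t=].*/, "", key); key = tolower(key)
            val = $0; sub(/^[^ \t=]+[ \t]*=?[ \t]*/, "", val)
        }
        key == "match" { block = val; next }
        key == "passwordauthentication" {
            if (block == "") {
                if (global == "") global = val     # first value wins
            } else if (!(block in seen)) {
                seen[block] = 1
                over[++n] = "match[" block "]=" val
            }
        }
        END {
            if (global == "") global = "yes"       # compiled-in default
            print "global=" global
            for (i = 1; i <= n; i++) print over[i]
        }
    ' "$1"
}

# Constructed sample: the comment line quoted in the thread, the option set
# to "no" as the audit advised, a later duplicate that is ignored, and a
# hypothetical Match block that turns passwords back on for one account.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
passwordauthentication yes
Match User backup
    PasswordAuthentication yes
EOF
password_auth_report "$sample"
# prints:
# global=no
# match[User backup]=yes
rm -f "$sample"
```

On a live host, `sshd -T` prints the effective configuration that this parser approximates.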