SLUG Mailing List Archives
Re: [SLUG] Firewall security audit report
- To: Dave Fitch <David_Fitch@xxxxxxxxx>
- Subject: Re: [SLUG] Firewall security audit report
- From: Howard Lowndes <lannet@xxxxxxxxxxxxx>
- Date: Wed Feb 28 08:39:01 2001
- Cc: <slug@xxxxxxxxxxx>
The key word is "tunneled". The traffic is still encrypted. The
PasswordAuthentication option avoids or allows using the account password
LANNet Computing Associates <http://lannetlinux.com>
"...well, it worked before _you_ touched it!" --me
"I trust just one person,
and there are times when I don't even trust myself"
On Wed, 28 Feb 2001, Dave Fitch wrote:
> On Tue, Feb 27, 2001 at 11:54:20PM +1100, Ian Tester wrote:
> > On Tue, 27 Feb 2001, chesty wrote:
> > > We were advised to turn sshd PasswordAuthentication off because it allows
> > > clear text passwords.
> > > hey? That doesn't sound right.
> > from ssh(1):
> > If other authentication methods fail, ssh prompts the user for a password.
> > The password is sent to the remote host for checking; however,
> > since all communications are encrypted, the password cannot be seen by
> > someone listening on the network.
> yeah but from my /etc/ssh/sshd_config:
> # To disable tunneled clear text passwords, change to no here!
> PasswordAuthentication yes
> So I'm confused...
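
The `PasswordAuthentication` line quoted from `/etc/ssh/sshd_config` in this thread is the setting an audit would check. As an added example (not part of the original posts), this Python code reports the effective value per scope using sshd's first-value-wins rule. The function names and every sample line beyond the two quoted ones are assumptions, and the `Match` handling goes beyond the case discussed in the thread.

```python
import re

# Constructed sample: the two lines quoted from /etc/ssh/sshd_config in the
# thread, followed by invented lines that exercise the parsing rules.
SAMPLE = """\
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
passwordauthentication no
Match User backup
    PasswordAuthentication=no
Match Address 192.0.2.0/24
    PubkeyAuthentication yes
"""

def password_auth_by_scope(config_text):
    """Map each scope ("global" or a Match line) to its PasswordAuthentication.

    Rules applied: keywords are case-insensitive, the first value obtained
    for a keyword wins, a Match block runs to the next Match line or end of
    file, and sshd's built-in default for this option is "yes".
    """
    scopes = {"global": None}
    scope = "global"
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"([^\s=]+)[\s=]+(.*)", line)
        if not m:
            continue
        keyword, value = m.group(1).lower(), m.group(2).strip()
        if keyword == "match":
            scope = "Match " + value
            scopes.setdefault(scope, None)
        elif keyword == "passwordauthentication" and scopes[scope] is None:
            scopes[scope] = value
    if scopes["global"] is None:
        scopes["global"] = "yes"
    # A Match block that does not set the option inherits the global value.
    return {s: v if v is not None else scopes["global"] for s, v in scopes.items()}

def scopes_allowing_passwords(config_text):
    """List the scopes in which password logins are still accepted."""
    return [s for s, v in password_auth_by_scope(config_text).items() if v != "no"]

if __name__ == "__main__":
    for scope, value in password_auth_by_scope(SAMPLE).items():
        print(f"{scope}: PasswordAuthentication {value}")
```

This checks only `PasswordAuthentication`; keyboard-interactive authentication through PAM is a separate setting and is not examined.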