Tunnel-Only User with Pubkey auth. with SSH
- From: "security@xxxxxxxxxxxxxxxxxx" <security@xxxxxxxxxxxxxxxxxx>
- Date: Sat, 26 May 2007 14:24:40 +0200
I wanted to ask you if there are some security issues
if I create a special user with a nologin-shell for tunneling
only and I set up public-key authentication.
I have put a Public Key at ~/.ssh/authorized_keys
and copied a private key with a passphrase to my client machine.
Now I wanted to ask how SSH sends the KEYS (Key-Exchange)..
Are they sent in Cleartext (sniffable) or are they secure to use?