Re: SSH vs encrypted passwords
From: Casper H.S. Dik (Casper.Dik_at_Sun.COM)
Date: 11/11/04
- Next message: Jonathan H N Chin: "Re: SSH vs encrypted passwords"
- Previous message: Keith Keller: "Re: SSH vs encrypted passwords"
- In reply to: Lawrence DčOliveiro: "Re: SSH vs encrypted passwords"
- Next in thread: Lawrence DčOliveiro: "Re: SSH vs encrypted passwords"
- Reply: Lawrence DčOliveiro: "Re: SSH vs encrypted passwords"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 11 Nov 2004 08:29:07 GMT
Lawrence DčOliveiro <ldo@geek-central.gen.new_zealand> writes:
>No. The password is never transmitted to the remote system in SSH.
You're wrong. Looking through a "truss" of the ssh server
it does call crypt() when you use a password authenticated login.
That means it will have gotten the clear text password (but it's
send over an encrypted connection)
The server has a key which is verified, that's how ssh protects
against rogue servers.
Casper
- Next message: Jonathan H N Chin: "Re: SSH vs encrypted passwords"
- Previous message: Keith Keller: "Re: SSH vs encrypted passwords"
- In reply to: Lawrence DčOliveiro: "Re: SSH vs encrypted passwords"
- Next in thread: Lawrence DčOliveiro: "Re: SSH vs encrypted passwords"
- Reply: Lawrence DčOliveiro: "Re: SSH vs encrypted passwords"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
