Re: Difference between "PasswordAuthentication yes" and "AllowedAuthentication password" ?

From: h.wulff (zuhause_at_aol.com)
Date: 08/02/05


Date: Tue, 2 Aug 2005 00:00:27 +0200

Hello,

thanks for your reply.

In article <m2r7dd8nvr.fsf@darwin.oankali.net>, res@qoxp.net says...
> >>>>> "hw" == h wulff <zuhause@aol.com> writes:
>
> hw> Hello, AFAIK the "PasswordAuthentication yes" enables cleartext
> hw> passwords.
>
> The user authentication protocol is carried inside an SSH transport
> session, which is normally encrypted -- so this does enable cleartext
> passwords, at least as far as the network is concerned. It does reveal
> the password to the server, which is a weakness publickey authentication
> avoids.

<sshd_config>
# Change to yes to enable tunnelled clear text passwords
PasswordAuthentication no
</sshd_config>

That's why I assumed the clear text passwd.
Taken from sshd_config of OpenSSH_3.8.1p1 Debian-8.sarge.4. Btw: I know
that ssh is quite secure and there are no plain passwords. I wonder about
the comment...

>
> However, I don't think it much matters to answer your specific question.
> These various keywords in either product do not affect what happens to the
> password: it is encrypted if and only if the underlying SSH session uses
> encryption.
>

So, let me ask the question another way round:
What is the difference between "PasswordAuthentication no" and
"PasswordAuthentication yes"?
I can login with a password in both cases.

Thank you for your efforts!

-- 
	h.wulff
	   [don't send me an email]

