Security for SSH
Mike
el.fontanero-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Fri Jun 10 19:56:48 UTC 2011
On Fri, Jun 10, 2011 at 3:46 PM, Stephen <stephen-d-bJEeYj9oJeDQT0dZR+AlfA at public.gmane.org> wrote:
> On 11-06-10 03:25 PM, Dave Germiquet wrote:
>>
>> I know SSH certificates verification is much better than password
>> verification.
>>
>> However if the password is complex enough, is SSH vulnerable with password
>> verification?
>>
> Until authentication is complete, there is no encryption.
>
> So you are sending the password unencrypted, and it could be sniffed.
>
Even keyless password exchanges are encrypted by the host ssh keys.
The question is whether you are certain the other side is who it
claims to be...
Mike
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
More information about the Legacy
mailing list