Security for SSH
Dave Germiquet
davegermiquet-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Fri Jun 10 21:13:54 UTC 2011
Thanks everyone for your input. :)
I understand now why Certificates are sometimes used for security.
On Fri, Jun 10, 2011 at 4:56 PM, Christopher Browne <cbbrowne-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org>wrote:
> On Fri, Jun 10, 2011 at 7:46 PM, Stephen <stephen-d-bJEeYj9oJeDQT0dZR+AlfA at public.gmane.org> wrote:
> > On 11-06-10 03:25 PM, Dave Germiquet wrote:
> >>
> >> I know SSH certificates verification is much better than password
> >> verification.
> >>
> >> However if the password is complex enough, is SSH vulnerable with
> password
> >> verification?
> >>
> > Until authentication is complete, there is no encryption.
> >
> > So you are sending the password unencrypted, and it could be sniffed.
>
> You're partly wrong...
>
> Encryption most certainly *IS* used, throughout. (Well, unless you
> suppress it, which can be done by suitably dumb mucking around with
> configuration.)
>
> But you could be passing your password, albeit encrypted, to someone
> that you didn't intend to give it to.
>
> The problem isn't that it "could be sniffed" - that is more than
> likely not possible.
>
> Instead, you might give your password, encrypted, to someone that has
> the key to decrypt data to get it, and that someone mightn't be
> someone to whom you wanted to entrust your password.
>
> A warning is given, in such cases, with the whole "The authenticity of
> host xxxxxxx can't be established... Are you sure you want to
> continue connecting (yes/now)?" exchange.
> --
> When confronted by a difficult problem, solve it by reducing it to the
> question, "How would the Lone Ranger handle this?"
> --
> The Toronto Linux Users Group. Meetings: http://gtalug.org/
> TLUG requests: Linux topics, No HTML, wrap text below 80 columns
> How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
>
--
-- Want to send emails that can't be read by someone else
-- Encrypt with my pgp key which can be found here:
-- https://keyserver.pgp.com/vkd/GetWelcomeScreen.event
Dave Germiquet
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gtalug.org/pipermail/legacy/attachments/20110610/064da3ec/attachment.html>
More information about the Legacy
mailing list