Date: Wed, 20 Sep 2006 10:03:41 -0700 (PDT) From: backyard <backyard1454-bsd@yahoo.com> To: "Dan Mahoney, System Admin" <danm@prime.gushi.org>, backyard <backyard1454-bsd@yahoo.com> Cc: questions@freebsd.org Subject: Re: sshd brute force attempts? Message-ID: <20060920170341.92690.qmail@web83114.mail.mud.yahoo.com> In-Reply-To: <20060919183404.H68018@prime.gushi.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--- "Dan Mahoney, System Admin" <danm@prime.gushi.org> wrote: > On Tue, 19 Sep 2006, backyard wrote: > > > In reality using passwords with SSH kinda defeats > the > > purpose of SSH. > > Keeping passwords from being sent across the network > as cleartext? > > -Dan ssh will encrypt them of course but... the nosey snoop watching over your shoulder can see the keys you type, or the tricky guy that has installed a STDIN monitor hack, or enabling debugging of the console by mistake and having it appear in the syslogs. Using keys means you never have to use a password, other then locking the key. The key should always have a different password from the login. Using keys is the point of SSH so you can eliminate passworded logins making sure no one sees them at all. -brian > > -- > > "Of course she's gonna be upset! You're dealing > with a woman here Dan, > what the hell's wrong with you?" > > -S. Kennedy, 11/11/01 >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060920170341.92690.qmail>