[lug] SSH
Michael Hirsch
mhirsch at nubridges.com
Tue Sep 3 14:32:02 MDT 2002
On Tue, 2002-09-03 at 15:57, David Morris wrote:
> On Tue, Sep 03, 2002 at 01:00:56PM -0600, John Dollison wrote:
> > I've never used SSH before, but I just finished installing it and reading as
> > much of the help as I could digest.
> >
> > I see that various methods of authentication and encryption are supported,
> > but I'm a bit confused - if I'm a first-time user and want to connect to a
> > web host to upload some files to my new website, is SSH automatically
> > secure, or do I first need to configure it (like generating public/private
> > key pairs)?
>
> SSH is *always* secure, you have no choice about that. You
> can select, among other things, the encryption algorithm,
> and the authentication algorithm.
Actually, you can let SSH use rhosts authentication. This is not
secure.
> If you do not create an RSA public/private key-pair, you
> will use password authentication, which means your password
> goes over the internet in plain text...which is bad if one
> of your worries is packet sniffing.
This is incorrect. The password is use, but not transmitted in the
clear. To quote from the man page: If other authentication methods
fail, ssh prompts the user for a password. The password is sent to the
remote host for checking; however, since all communications are
encrypted, the password cannot be seen by someone listening on the
network.
--Michael
More information about the LUG
mailing list