Another reason not to use sudo?
Ben Edwards
funkytwig at gmail.com
Mon Nov 22 13:41:15 UTC 2004
On Mon, 22 Nov 2004 08:33:08 -0500, Brett Carrington <brettcar at gmail.com> wrote:
> On Mon, 22 Nov 2004 13:23:28 +0000, Ben Edwards <funkytwig at gmail.com> wrote:
> > We were trying to decide whether to enable root on the Ubuntu PCs we
> > have been setting up at a community center and the person I was
> > working with pointed out the following.
> >
> > If you ssh into a box the password of the initial account you log in
> > is _not_ encrypted so you would normally log in as a lesser user and
> > su when you are in (this I knew but many people do not).
> This is false. Here is a quote from the ssh manpage:
>
> If other authentication methods fail, ssh prompts the user for a pass-
> word. The password is sent to the remote host for checking; however,
> since all communications are encrypted, the password cannot be seen by
> someone listening on the network.
So ssh NEVER sends any unencrypted dater (apart from maybe the host
and username you are connecting to.
Interesting - was original password not being encrypted an issue in
older versions of ssh?
Ben
--
Ben Edwards - Poole, UK, England
WARNING:This email contained partisan views - dont ever accuse me of
using the veneer of objectivity
If you have a problem emailing me use
http://www.gurtlush.org.uk/profiles.php?uid=4
(email address this email is sent from may be defunct)
More information about the ubuntu-users
mailing list