Another reason not to use sudo?
Hudson Delbert J Contr 61 CS/SCBN
Delbert.Hudson at LOSANGELES.AF.MIL
Tue Nov 23 16:05:38 UTC 2004
the answer to the question is still no.
-----Original Message-----
From: ubuntu-users-bounces at lists.ubuntu.com
[mailto:ubuntu-users-bounces at lists.ubuntu.com]On Behalf Of Daniel Stone
Sent: Monday, November 22, 2004 5:55 AM
To: Ben Edwards
Cc: Brett Carrington; Ubuntu List; Ryan - Trinity
Subject: Re: Another reason not to use sudo?
On Mon, 2004-11-22 at 13:41 +0000, Ben Edwards wrote:
> On Mon, 22 Nov 2004 08:33:08 -0500, Brett Carrington <brettcar at gmail.com>
wrote:
> > > If you ssh into a box the password of the initial account you log in
> > > is _not_ encrypted so you would normally log in as a lesser user and
> > > su when you are in (this I knew but many people do not).
> > This is false. Here is a quote from the ssh manpage:
> >
> > If other authentication methods fail, ssh prompts the user for a
pass-
> > word. The password is sent to the remote host for checking;
however,
> > since all communications are encrypted, the password cannot be seen
by
> > someone listening on the network.
>
> So ssh NEVER sends any unencrypted dater (apart from maybe the host
> and username you are connecting to.
>
> Interesting - was original password not being encrypted an issue in
> older versions of ssh?
You could sort of man-in-the-middle SSH1's passwords if you tried really
hard and it was the fourth Friday of the month and your doctor's last
name started with Q, or something. But not with SSH2.
--
ubuntu-users mailing list
ubuntu-users at lists.ubuntu.com
http://lists.ubuntu.com/mailman/listinfo/ubuntu-users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/ms-tnef
Size: 3264 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20041123/d24dc06d/attachment.bin>
More information about the ubuntu-users
mailing list