Hi Joshua, There should be no problem with using PasswordAuthentication with SSH since the passwords are _NOT_ sent in the clear. Rather, the "clear text" password is sent over the encrypted channel. From the SSH(1) man page:
The password is sent to the remote host for checking; however, since all communications are encrypted, the password cannot be seen by someone listening on the network. Patrick On Wed, May 29, 2002 at 09:58:00AM +1000, Joshua Goodall wrote: > Stephen, > > On Tue, May 28, 2002 at 05:51:02PM -0700, Stephen Johnson wrote: [snip] > > i've always disabled clear text passwords(PasswordAuthentication no), > > and turn on pam auth (PAMAuthenticationViaKbdInt yes). That's always [snip] > I'll assume you're using openssh version 3.x that's in the > debian/testing distribution. > > The password will still be sent in the clear; there is a difference in > the way the server handles it (that is, it palms off to PAM the > responsibility of letting you in) and a difference in the way the > client negotiates (iirc it's nonfunctional if the client doesn't request > keyboard-interactive negotiation). -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]