Passwords are sent over an encrypted channel, so only the server you connect to can see the password. The same happens when challenge-response authentication is used.
On Thu, Aug 11, 2016 at 11:29 PM Thomas Nikolajsen < [email protected]> wrote:

> This commit changed our sshd(8) default: now cleartext passwords are enabled.
> I don't think this is what we want.
>
> I do understand that complicated and non essential patches are too much work to maintain,
> but this is simple and essential IMO. Hope you agree.
>
> -thomas
>
> http://lists.dragonflybsd.org/pipermail/commits/2016-August/624229.html
>
> commit f0ea6a7a164d1e1add5907937994265e906d96a3
> Author: Peter Avalos <pavalos at dragonflybsd.org>
> Date: Wed Aug 3 18:25:04 2016 -0700
>
> Remove most local modifications from OpenSSH.
>
> This primarily removes the HPN patches. It's become too cumbersome to
> maintain these patches as demonstrated by the fact that we haven't
> updated OpenSSH in quite some time. If people want additional
> functionality in their OpenSSH, it's available in dports
> (security/openssh).
>
> Instead of just silently ignoring removed options in people's
> configurations, I decided to treat these as errors so that the admin
> will need to decide to remove it from their configuration or install the
> dport to get the functionality back.
>
> Summary of changes:
> ..
> crypto/openssh/ssh_config | 5 +-
> ..
>
> http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/f0ea6a7a164d1e1add5907937994265e906d96a3
> ->
> ..
> diff --git a/crypto/openssh/sshd_config b/crypto/openssh/sshd_config > -# We disable cleartext passwords by default > -PasswordAuthentication no > +#PasswordAuthentication yes > .. >
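
Review bot: In the crypto/openssh/sshd_config hunk, removing the explicit `PasswordAuthentication no` and leaving only the commented-out `#PasswordAuthentication yes` turns password logins on for the shipped sshd(8) configuration, but the commit message mentions only the HPN patch removal and the new errors for removed options. If the old default is meant to stay, keep the two removed lines, since they are a configuration setting rather than a source patch that needs maintaining. If the change is intended, state it in the commit message so admins who upgrade know to set `PasswordAuthentication no` themselves.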
