Still cleartext password is typically short, as user types it manually, so brute force is much easier than key based auth.
-thomas Konstantin Kulikov wrote: > Passwords are sent over encrypted channel, so only the server you connect > to can see the password. Same happens when challenge-response authentication > is used. > > On Thu, Aug 11, 2016 at 11:29 PM Thomas Nikolajsen < > [email protected]> wrote: > > > This commit changed our sshd(8) default: now cleartext passwords are > > enabled. > > I don't think this is what we want. > > > > I do understand that complicated and non essential patches are too much > > work to maintain, > > but this is simple and essential IMO. Hope you agree. > > > > -thomas > > > > http://lists.dragonflybsd.org/pipermail/commits/2016-August/624229.html ..
