Security Basics mailing list archives
Re: Is this normal?
From: "xyberpix" <xyberpix () xyberpix com>
Date: Tue, 26 Oct 2004 08:46:48 +0100 (BST)
SSH doesn't use cleartext, but version one can be sniffed quite easily with dsniff. :-) Maybe that's what was meant? xyberpix On Sat, 23 October, 2004 5:50 am, Jonathan Loh said:
I thought ssh did not send cleartext? Granted you can see source and destination and the fact that they are using ssh if you sniff when the session is starting, but no passwords are sent cleartext. But you'd be able to see that anyway. Though I think someone here mentioned in the ssh, not openssh, implementation there is a provision to send things in cleartext, though that has to be configured. Sure you can use hostkeys. hostkeys will verify that you are logging in from a certain host. But I also recomend you use passwords. --- bp1974 () comcast net wrote:* Disable clear text services (telnet,ssh etc.)__________________________________ Do you Yahoo!? Yahoo! Mail Address AutoComplete - You start. We finish. http://promotions.yahoo.com/new_mail
-- For security and Opensource news check out: http://xyberpix.demon.co.uk
Current thread:
- Re: Is this normal?, (continued)
- Re: Is this normal? Barrie Dempster (Oct 27)
- Re: Is this normal? Kluge (Oct 27)
- Re: Is this normal? Kenneth R Swain II (Oct 27)
- Re: Is this normal? Barrie Dempster (Oct 27)
- Re: Is this normal? Adam Jones (Oct 22)
- Re: Is this normal? Callan K L Tham (Oct 25)
- Re: Is this normal? xyberpix (Oct 25)
- RE: Is this normal? Shawn Jackson (Oct 22)
- RE: Is this normal? Andrew Shore (Oct 22)
- Re: Is this normal? bp1974 (Oct 22)
- Re: Is this normal? Jonathan Loh (Oct 25)
- Re: Is this normal? xyberpix (Oct 26)
- Re: Is this normal? Jonathan Loh (Oct 26)
- Re: Is this normal? Jonathan Loh (Oct 25)
- Re: Is this normal? H Carvey (Oct 26)