Tek-Tips is the largest IT community on the Internet today!


ssh config question


hfaix (MIS), Nov 25, 2003, US
This may sound like a stupid question, but what exactly does the following line in the /etc/sshd_config file mean?

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no


 
PasswordAuthentication specifies whether we should use password-based authentication. For strong security, this option must always be set to yes.

The option PermitEmptyPasswords specifies whether the server allows logging in to accounts with a null password. If you intend to use the scp utility to make automatic backups over the network, you must set this option to yes.

 
ok, that makes sense, but what does

# To disable tunneled clear text passwords, change to no here!

mean?


Thanks!
 
This way no passwords are transported even if someone breaks the encryption.
 
From SSH The Secure Shell: The Definitive Guide:

...password authentication is less secure than public-key because the sensitive password is transmitted off the client host. It is protected from snooping while on the network but is vulnerable to capture once it arrives at the server if that machine has been compromised. This is in contrast with public-key authentication, as even a compromised server can't learn your private key through the protocol. Therefore, before choosing password authentication, you should weigh the trustworthiness of the client and the server, as you will be revealing to them the key to your electronic kingdom.

Public key authentication takes more setup, but is more secure and convenient (thanks to ssh-agent) once in place. There's an article in the September 2005 Linux Journal on using keys for scripts and cron jobs, too.

That said, I don't normally turn off PasswordAuthentication because I might need to connect from a machine that doesn't have my private key.

Rod Knowlton
IBM Certified Advanced Technical Expert pSeries and AIX 5L
CompTIA Linux+
CompTIA Security+
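An added example to go with the thread (not code posted by anyone above): a small POSIX shell check of what sshd will actually use for the two keywords in the question. The point it makes concrete is that "#PasswordAuthentication yes" is a comment documenting the compiled-in default, not a directive, so disabling password logins means uncommenting the line and changing the value to no. The script assumes the OpenSSH defaults (PasswordAuthentication yes, PermitEmptyPasswords no), takes the first uncommented occurrence of a keyword as sshd does, and ignores Match blocks; the two sample config files are constructed inline, and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the thread. Reports the value sshd will use for a
# keyword from a given sshd_config file. Assumptions: the first uncommented
# occurrence of a keyword wins (as in sshd), a "#Keyword value" line is only a
# comment showing the built-in default, and Match blocks are not handled.
# Built-in defaults assumed: PasswordAuthentication yes, PermitEmptyPasswords no.

# effective_value FILE KEYWORD DEFAULT -> prints the value sshd would use
effective_value() {
    file=$1; key=$2; default=$3
    # second field of the first non-comment line whose first field is the keyword
    val=$(awk -v k="$key" 'tolower($1) == tolower(k) { print $2; exit }' "$file")
    if [ -n "$val" ]; then
        printf '%s\n' "$val"
    else
        printf '%s\n' "$default"
    fi
}

# audit_sshd_config FILE -> one finding per line; returns 0 only when password
# logins are disabled and empty passwords are rejected
audit_sshd_config() {
    file=$1; rc=0
    pa=$(effective_value "$file" PasswordAuthentication yes)
    pe=$(effective_value "$file" PermitEmptyPasswords no)
    case $(printf '%s' "$pa" | tr 'A-Z' 'a-z') in
        no) echo "PasswordAuthentication $pa: password logins disabled (keys only)" ;;
        *)  echo "PasswordAuthentication $pa: password logins allowed"; rc=1 ;;
    esac
    case $(printf '%s' "$pe" | tr 'A-Z' 'a-z') in
        no) echo "PermitEmptyPasswords $pe: empty passwords rejected" ;;
        *)  echo "PermitEmptyPasswords $pe: empty passwords accepted"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample 1: the stock commented-out block from the question.
# Nothing here is a directive, so sshd falls back to the defaults (passwords on).
weak=$(mktemp)
cat > "$weak" <<'EOF'
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
EOF

# Constructed sample 2: the same file after uncommenting and changing the value.
hardened=$(mktemp)
cat > "$hardened" <<'EOF'
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
PermitEmptyPasswords no
PubkeyAuthentication yes
EOF
trap 'rm -f "$weak" "$hardened"' EXIT

echo "== stock file (comments only) =="
audit_sshd_config "$weak" || echo "-> still accepting passwords; edit the file, do not just read the comment"
echo "== hardened file =="
audit_sshd_config "$hardened"
```

On a live host the authoritative check is `sshd -T` (OpenSSH 5.1 and later), which prints the effective configuration after all files and Match blocks are resolved; the script above is only for reading a file in isolation. Before setting PasswordAuthentication no on a remote box, confirm key login works in a second session, since the change takes effect for new connections once sshd is reloaded.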

 
Oh... that makes sense. Thanks Rod!
 