Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: ssh

  1. #1

    ssh

    Is connecting to an ssh server using username and password secure? Are there any more secure way of connecting to an ssh server?

  2. #2
    Moderator
    Advisor
    redhead's Avatar
    Join Date
    Jun 2001
    Location
    Copenhagen, Denmark
    Posts
    811

    Re:ssh

    Everything through an ssh connection is encrypted, even username/password. So I dont see if there should be anything more secure than that..

  3. #3

    Re:ssh

    No possibillity to un-encrypt it?

  4. #4
    Moderator
    Advisor
    redhead's Avatar
    Join Date
    Jun 2001
    Location
    Copenhagen, Denmark
    Posts
    811

    Re:ssh

    Only with the correct keys that the ssh session is using at the exact moment.

  5. #5
    Moderator
    Good Guru
    Schotty's Avatar
    Join Date
    Jul 2001
    Location
    Milwaukee, WI
    Posts
    5,760

    Re:ssh

    Trust the SSH. It is your friend. Where others speak too loudly, SSH whispers. SSH is so much more secure than TELNET or RSH, its riduiculous. I literally swear by ssh.

  6. #6
    Moderator
    Good Guru
    Compunuts's Avatar
    Join Date
    May 2001
    Location
    California
    Posts
    3,935

    Re:ssh

    [quote author=-JhAzEr- link=board=5;threadid=4955;start=0#49308 date=1031990183]
    Are there any more secure way of connecting to an ssh server?
    [/quote]
    Use digital authentication keys such as from RSA.

  7. #7
    Guest

    Re:ssh

    I agree. SSH is the most secure thing for remote logging right now. Trust it and no other...

  8. #8

    Re:ssh

    No such thing as password cracking, like john the ripper does in /etc/passwd?

  9. #9

    Re:ssh

    I've never heard of a program that would do it. It would be practically impossible.

  10. #10
    Guest

    Re:ssh

    This is from man ssh:

    Code:
     ssh supports RSA based authentication.
         The scheme is based on public-key cryptography: there are cryptosystems
         where encryption and decryption are done using separate keys, and it is
         not possible to derive the decryption key from the encryption key.  RSA
         is one such system.  The idea is that each user creates a public/private
         key pair for authentication purposes.  The server knows the public key,
         and only the user knows the private key.  The file
         $HOME/.ssh/authorized_keys lists the public keys that are permitted for
         logging in.  When the user logs in, the ssh program tells the server
         which key pair it would like to use for authentication.  The server
         checks if this key is permitted, and if so, sends the user (actually the
         ssh program running on behalf of the user) a challenge, a random number,
         encrypted by the user's public key.  The challenge can only be decrypted
         using the proper private key.  The user's client then decrypts the chal-
         lenge using the private key, proving that he/she knows the private key
         but without disclosing it to the server.
    I cant remember, but isnt it either a 128 bit or a 512 bit alphanumeric key?

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •