Is your SSH password revealed when you attempt to connect to the wrong server? ssh keys
Simple put: yes
More detail...
If you connect to my machine then you don't know if I'm running a normal
ssh
server, or one that has been modified to write out the password being passed.
Further, I wouldn't necessarily need to modify
sshd
, but could write a PAM module (eg using pam_script
), which will be passed your password.
So, yes. NEVER send your password to an untrusted server. The owner of the machine could easily have configured it to log all attempted passwords.
Rather use ssh keys
Comments
Post a Comment