Is your SSH password revealed when you attempt to connect to the wrong server? ssh keys

Simple put: yes
More detail...
If you connect to my machine then you don't know if I'm running a normal ssh server, or one that has been modified to write out the password being passed.
Further, I wouldn't necessarily need to modify sshd, but could write a PAM module (eg using pam_script), which will be passed your password.
So, yes. NEVER send your password to an untrusted server. The owner of the machine could easily have configured it to log all attempted passwords.
Rather use ssh keys

Comments

Popular posts from this blog

HAproxy logging

teamcity Automatic Agent Start under Linux

NFS mount add in fstab _netdev instead of default | firewall-cmd --list-all