I was just wondering if the SSH Server will obtain the plain password at some point in the authentication process. I know that the password is sent encrypted, but it somehow has to be validated and thus be decrypted by the server. Does the SSH Client only send a hash of its password or how is the security maintained?

user0815
  • Why should sending the password be a security issue here? Certainly using keys with ssh makes more sense than using passwords. But _if_ you use a password then it has to be sent to the server. Hashing cannot be done on the client side, since the client has no idea about the authentication backend used. – arkascha Feb 16 '15 at 21:40
  • It is a security issue in the sense that my password could be sniffed by the server. – user0815 Feb 16 '15 at 21:48
  • As said: there is no way around it. If that bothers you, then use ssh keys (you had to set up the password in the first place, so you gave it to the server, didn't you?). Using keys should solve your problem, since then neither password nor key is sent over the network. Instead a challenge-response authentication strategy is used. Most ssh servers don't even allow password-based authentication any more, but for other reasons. – arkascha Feb 16 '15 at 21:49

1 Answer

The password is sent over an encrypted channel to the server -- so it can't be sniffed "on the wire" -- but sshd requires the plaintext password in order to verify that it matches the locally stored password hash.

Because of this, one of the first things that happens when a system is compromised is that someone replaces sshd so that it can collect passwords and ship them off somewhere else.

You can largely avoid this problem through the use of ssh keys, which use public/private encryption and do not involve exposing your "secret" to the server, or through the use of multi-factor authentication, which reduces the impact of a compromised password (because without the second factor, the password itself is not useful).

larsks
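The contrast the answer draws (sshd needs the plaintext password to recompute a stored hash, but public-key authentication only ever hands the server a signature over session-bound data) can be made concrete with a small model. The following Go program is an added example, not code from the question, the answer, or OpenSSH. It models both authentication paths on a single host process: the "server" keeps a salted password hash and an authorized public key, records everything it is handed (standing in for a trojaned sshd), and the results show that the password path leaks the secret while the key path leaks nothing reusable. The names `Server`, `AuthPassword`, `AuthPublicKey`, `authChallenge` and `RunDemo` are this example's own; the challenge layout is a simplified stand-in for what SSH actually signs (RFC 4252 §7 binds the signature to the session identifier and the userauth request fields), and the iterated SHA-256 stands in for a real password KDF such as bcrypt or sha512crypt to keep the example stdlib-only.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// PasswordRecord is the shadow-style entry: salt plus hash, never the password.
type PasswordRecord struct{ Salt, Hash []byte }

// hashPassword is a stand-in for a real KDF (bcrypt, sha512crypt, yescrypt).
// The point that matters here: it needs the plaintext password as input.
func hashPassword(salt, password []byte) []byte {
	h := sha256.Sum256(append(append([]byte{}, salt...), password...))
	for i := 0; i < 10000; i++ {
		h = sha256.Sum256(h[:])
	}
	return h[:]
}

func newPasswordRecord(password string) PasswordRecord {
	salt := randomBytes(16)
	return PasswordRecord{Salt: salt, Hash: hashPassword(salt, []byte(password))}
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// authChallenge is the session-bound data the client signs. Simplified model of
// the RFC 4252 userauth signature input: it includes the session identifier, so
// a signature from one connection is worthless on another.
func authChallenge(sessionID []byte, user string) []byte {
	return append(append([]byte("ssh-userauth:"), sessionID...), []byte("\x00"+user)...)
}

// Server models sshd. Captured is everything a backdoored sshd could exfiltrate.
type Server struct {
	pwdb      map[string]PasswordRecord
	authKeys  map[string]ed25519.PublicKey // authorized_keys
	SessionID []byte                       // fresh per connection, from the key exchange
	Captured  []string
}

// AuthPassword: the client must hand over the plaintext (inside the encrypted
// transport). A compromised server sees it in full, hence the capture line.
func (s *Server) AuthPassword(user, password string) bool {
	s.Captured = append(s.Captured, password) // what a trojaned sshd would log
	rec, ok := s.pwdb[user]
	if !ok {
		return false
	}
	return subtle.ConstantTimeCompare(hashPassword(rec.Salt, []byte(password)), rec.Hash) == 1
}

// AuthPublicKey: the server only ever sees the public key and a signature over
// this session's challenge. The private key never leaves the client.
func (s *Server) AuthPublicKey(user string, pub ed25519.PublicKey, sig []byte) bool {
	s.Captured = append(s.Captured, fmt.Sprintf("sig:%x", sig)) // useless to an attacker
	stored, ok := s.authKeys[user]
	if !ok || !bytes.Equal(stored, pub) {
		return false
	}
	return ed25519.Verify(pub, authChallenge(s.SessionID, user), sig)
}

// ClientSign is the client side of the key path: sign the challenge, keep the key.
func ClientSign(priv ed25519.PrivateKey, sessionID []byte, user string) []byte {
	return ed25519.Sign(priv, authChallenge(sessionID, user))
}

// DemoResult collects the outcomes of both paths so they can be checked.
type DemoResult struct{ PasswordOK, WrongPasswordOK, PasswordLeaked, KeyOK, ReplayOK, ForgedOK bool }

func contains(list []string, s string) bool {
	for _, x := range list {
		if x == s {
			return true
		}
	}
	return false
}

// RunDemo runs both paths against a constructed user "alice" (sample data, not a real account).
func RunDemo() DemoResult {
	const user, password = "alice", "correct horse battery staple"
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	srv := &Server{pwdb: map[string]PasswordRecord{user: newPasswordRecord(password)},
		authKeys: map[string]ed25519.PublicKey{user: pub}, SessionID: randomBytes(32)}
	var r DemoResult
	r.PasswordOK = srv.AuthPassword(user, password)
	r.WrongPasswordOK = srv.AuthPassword(user, "hunter2")
	r.PasswordLeaked = contains(srv.Captured, password) // server holds the plaintext
	sig := ClientSign(priv, srv.SessionID, user)
	r.KeyOK = srv.AuthPublicKey(user, pub, sig)
	// Replay the captured signature on a fresh connection: different session ID, fails.
	srv2 := &Server{authKeys: srv.authKeys, SessionID: randomBytes(32)}
	r.ReplayOK = srv2.AuthPublicKey(user, pub, sig)
	// Forge with an attacker's own key: public key mismatch / bad signature, fails.
	_, evilPriv, _ := ed25519.GenerateKey(rand.Reader)
	r.ForgedOK = srv.AuthPublicKey(user, pub, ClientSign(evilPriv, srv.SessionID, user))
	return r
}

func main() { fmt.Printf("%+v\n", RunDemo()) }
```

Run it and `PasswordLeaked` comes back true while `ReplayOK` and `ForgedOK` stay false: the password path cannot avoid giving the server the secret, whereas in the key path everything the server (or a backdoor in it) can record is a signature tied to one session and one user, which neither reveals the private key nor authenticates on the next connection.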