Warning message at password prompt

Damien Miller djm at mindrot.org
Thu Feb 14 08:33:40 EST 2002

On Wed, 13 Feb 2002, Edward Avis wrote:

> Hash: SHA1
> I've patched my local OpenSSH (currently 2.9p2, but the same
> patch applies to 3.0.2) to allow the cipher 'none' for both SSH1 and
> SSH2 connections.  With SSH1, there is already code to print a warning
> that any password you enter will be sent in plain text.  However the
> userauth_passwd() in sshconnect2.c does not have any such warning.  I
> would like to discourage the users from sending plain-text passwords
> across the wire, even if the rest of the session is unencrypted.

I don't understand, OpenSSH always uses encryption.


More information about the openssh-unix-dev mailing list