Warning message at password prompt
Damien Miller
djm at mindrot.org
Thu Feb 14 08:33:40 EST 2002
On Wed, 13 Feb 2002, Edward Avis wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I've patched my local OpenSSH (currently 2.9p2, but the same
> patch applies to 3.0.2) to allow the cipher 'none' for both SSH1 and
> SSH2 connections. With SSH1, there is already code to print a warning
> that any password you enter will be sent in plain text. However the
> userauth_passwd() in sshconnect2.c does not have any such warning. I
> would like to discourage the users from sending plain-text passwords
> across the wire, even if the rest of the session is unencrypted.
I don't understand, OpenSSH always uses encryption.
-d
More information about the openssh-unix-dev
mailing list