ssh clear text passwords?

[Red Squirrel]

I saw this in the ssh config file:

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication yes


So... if I have password authentication turned on, it's sent in clear text?! This can't be right,is it?

 

[Nothinman]

It's sent in clear text inside of the established tunnel so it's not clear text on the wire.

 

[Red Squirrel]

Oh I see, so not really an issue then? So it's basically unencrypted locally at both ends, only.

 

[Nothinman]

Pretty much, if you want to be sure you can always break out a packet sniffer.