What password to use with ssh remote login?

[DominikHoffmann]

What password should I use for remote login? I am following the Help Viewer's suggestion after typing in "remote login". It suggests the "ssh -l username hostid" command. I can get to the point, where some kind of RSA key exchange takes place and it then asks me for the password of "username@hostid", but it won't accept my usual password.

What's different?

 

[jimr]

where is local and where is remote?

Where you are....
you have to be using a secure client to reach a secure host.

if the remote host does not support the protocol you are using...

????

difficult to answer without more detail.

how about your configuration on both machines

here is a case.

I am local

i type ssh -ljim 192.168.0.2
that starts a login process on a remote machine which is at that address.

then it prompts me for the (my)password on the remote machine.

then I log in and get a bash shell in my directory.

now as I walk over to that machine...
I type ssh -ljim 192.168.0.4
it asks for a login password to the machine I am logging in to.

Now imagine the wires stretch ...not just across the room but across the world.

I cannot type my password to my local machine to any other machine in the world.

I have to know that password.

and the remote machine must know what my machine is talking about.

ssh is a secure substitue for telnet.

if you know a machine which you can telnet into, use telnet.

if that server supports secureshell use ssh.

If you go to another machine you have to make sure that machine has the ssh client and that your sshd server is configured and ready to accept your connection.

this means that a security key has to be generated on both sides for you and your various user names.

man sshd
man ssh
to find more info
apple help!!! maybe a few morsels there.

 

[~vert]

Kinda unrelated but..., I was troubleshooting an ssh connection this afternoon and someone mentioned that I couldn't ssh into my G4 running 10.1 because I didn't have an encryption key (per the post above).

Not taking 'no' for an answer , I tried it anyway. Now my setup is a PC running WinMe on the same network as my G4. From the PC's Telnet app I selected a ssh connection, but then just entered in the IP of the G4. It presented me with a Login: prompt and then Password: prompt and I was in!

So I later found out that if the user name are the same on both computers, you can in effect, create a non-secure ssh connection (I know, that's an oxymoron - just read the man pages. They'll tell ya). So, if you are just trying to get into a home network through ssh and haven't created a key - and you are using the same logon on the other computer, it works. I suspect it would even work if you don't have the same logon, but I'm not up for testing that...

 

[mcasteel]

Originally posted by ~vert
So I later found out that if the user name are the same on both computers, you can in effect, create a non-secure ssh connection (I know, that's an oxymoron - just read the man pages. They'll tell ya).

It's not that non-secure, because the session is encrypted over the network. So, if you're logging on around the world, with ssh your password does not go around the world unencrypted. With ordinary telnet, it would.

The man page wouldn't consider this the best security, because it only requires an attacker to guess your password to get in.

The convenient thing about creating your own key is you can log on to a server which knows your key without any password required. For commonly-accessed machines, you can set up the ssh config to automatically deal with different login names and even handle SSH1 vs SSH2 issues, so logging in becomes as simple as 'ssh <machinename>'.