As I’m relatively new to using SSH, I have a question about how passwords are transmitted through the logging in process.
Specifically, using Terminal in OS X 10.3, when I issue the command:
I am prompted for a password for user1, which if entered correctly, appears to log me in to the requested account with a secure shell.
My question is: When does the connection become secure? When the initial SSH command is issued, OR only AFTER the password is submitted?
What I’m getting at here, is whether the password is being sent ‘in the clear’.
Could someone in the know please explain how this works on the DH servers? Thanks.
Also, on a related note, is is possible to turn off FTP and Telnet services (for security reasons) and leave just SSH on?
P.S. I’ve tried setting up a DSA private/public key pair for use with SSH on DH, and it works fine (no need to enter a password to login in), however programs like MacSFTP seem to still want to request the user password.