How to remove "user at host's password" from ssh login prompt?
Colin Watson
cjwatson at ubuntu.com
Tue Sep 4 16:20:03 UTC 2018
On Tue, Sep 04, 2018 at 04:42:09PM +0100, Chris Green wrote:
> On Tue, Sep 04, 2018 at 01:03:26PM +0100, Peter Flynn wrote:
> > It's only a security leak if someone is looking over your shoulder: an ssh
> > connection is encrypted. If that connection or the source host has been
> > compromised, you'd have an entirely separate problem.
>
> It's a bit of a leak if someone just types "ssh <somewhere>" and gets
> confirmation that <somewhere> exists and my login name on <somewhere>.
Nope. The fact that they get a password prompt at all is confirmation
that <somewhere> exists, and if your login name on <somewhere> isn't the
same as your login name on the local host then it must be configured
locally in ~/.ssh/config. The password authentication prompt isn't
issued until the client has already provided all that information to the
server.
--
Colin Watson [cjwatson at ubuntu.com]
More information about the ubuntu-users
mailing list