ssh security questions
Posted on 2002-07-02
i have two questions to ask regarding security.
1) if i use "putty" to ssh into a shell account, what data will be encrypted? i guess all the commands i issue are encrypted. but what about the remote host name? i mean, after firing up putty, i will be asked for a hostname and protocol to use. suppose i key in "boo.hello.org" and choose "ssh". will my ISP be able to tell i'm trying to ssh the site "boo.hello.org"? can i tell i'm using ssh rather than telnet? In a nutshell, how much will my local ISP know about what i'm doing?
2) i'm using "tera term" with ssh package installed. when i fire up "ttssh" and key in domain name i want to connect to, another windows pops up, asking for my user name and password. The thing is: i'm concerned with the lines under the username and password area: "use plain passwords to log in","use RSA key to log in", "use challenge/response(TIS) to log in" and by default, "use plain passwords to log in" is ticked. So does it mean my username and passwords are sent in plain texts? and if i use ttssh to upload files to a site, are they encrypted in the uploading process or not?
another question is: how can i "use RSA key to log in"?