SSH: When logging in, is the password in plain text / sniffable? [closed]

Question

I realise this question is subjective.

I am curious about the intelligability of an SSH password when an SSH tunnel is created. Does the secure session begin once the password has authenticated, or is the password itself encapsulated in this secure connection?

After an interesting debate in the office this morning, and aside of the possibility of an SSH password becoming compromised on a client with a keylogger, I am curious as to the possibility that an SSH password could also become compromised using packet sniffing tools on the LAN, or installed on any proxy between the Client and the Server. It's opened up a wider debate about the wisdoms of logging into private services (like a home NAS, or email) via an SSH tunnel whilst logged onto a client operating behind a/several intermediate proxy/ies. (ie, at work), especially with claims that tools such as Ettercap are capable of spying into SSH packets.

I assume that the same considerations could be made of SSL/HTTPS where a website does not parse the password into a one way hash such as MD5?

Your musings will be most appreciated.

Thanks.

Answer 1

Excerpt from the manpage of openssh:

Finally, if other authentication methods fail, ssh prompts the user for a pass‐ word. The password is sent to the remote host for checking; however, since all communications are encrypted, the password cannot be seen by someone listening on the network.

Answer 2

SSH is not named "Secure Shell" for no reason :).

SSH uses public-key cryptography for authentication, which is by itself pretty secure. If we assume that the attacker doesn't have the private keys of the user and the ssh daemon -- the password cannot be decoded by merely listening on the network.

This protocol, just like most others doesn't protect you from attacks from other sides. There are several combinations of social engineering and Man in the middle attacks like the SSH version downgrading attack and the DNS Spoofing attack.