Re: Passwords & telnet/ftp

Linus Torvalds (torvalds@cs.helsinki.fi)
Fri, 7 Jun 1996 11:22:20 +0300 (EET DST)


On Fri, 7 Jun 1996, The SethMeister wrote:
>
> I was thinking of the way passwords are transmitted with telnet and ftp,

Use ssh. It's the best thing since sliced bread.

[ And it's Finnish. What a coincidence.. ]

> and was wondering why passwords are not first encrypted at the client side
> then sent over to the server side, then checked against the shadow/passwd
> file. Is it because this introduces some dependence on what encryption
> algorithm is used on the server side?

Heh. We can't do it that way, because then anybody could just read
/etc/passwd and send the proper (or rather, "improper") encrypted password
directly without having to worry about having to know and type the real
password. This is an issue even with shadow passwords, because _if_ the
shadow file is ever readable you're then wide open (instead of at least
having the normal crypt() security).

> Or is this already being done? I
> thought that passwords were UUencoded then sent over the network. Is this true?

Most things just send them in cleartext. Yes, it's easy to sniff them, and
that's why you should use "ssh" if you care - it does this all correctly
already.

(Or kerberos, but "ssh" is trivial to set up and quite sufficient for
most people and a lot less intrusive overall).

Both ssh and kerberos obviously _do_ use encryption, but it's a lot more
complex than just sending the /etc/passwd encrypted passwords over the
network..

Linus
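The two checks contrasted above, as an added example written for this page (it is not code from the mail, nor from telnet, ftp or ssh). One server compares crypt(password) computed on the server against the stored hash, the other accepts a pre-hashed value from the client. Assumptions: crypt(3) is stood in for by a salted SHA-256 (only the one-way property matters here), the account and password are constructed sample data, and "the wire" is just a function argument.

```python
import hashlib
import hmac


def crypt_like(password: str, salt: str) -> str:
    """Stand-in for crypt(3): a salted one-way hash.  Assumption: SHA-256,
    not the DES-based crypt of 1996; only the one-way property is needed."""
    digest = hashlib.sha256((salt + password).encode()).hexdigest()
    return f"{salt}${digest}"


def salt_of(stored: str) -> str:
    return stored.split("$", 1)[0]


# Constructed shadow entry for one account (sample data, not a real file).
SHADOW = {"seth": crypt_like("correct horse", "ab")}


def _same(a: str, b: str) -> bool:
    return hmac.compare_digest(a.encode(), b.encode())


def server_check_cleartext(user: str, wire_value: str) -> bool:
    """What telnet/ftp do: the password itself arrives, the server runs
    crypt() on it and compares the result with the shadow entry."""
    stored = SHADOW.get(user)
    if stored is None:
        return False
    return _same(crypt_like(wire_value, salt_of(stored)), stored)


def server_check_prehashed(user: str, wire_value: str) -> bool:
    """The proposal in the question: the client sends crypt(password) and
    the server only compares strings."""
    stored = SHADOW.get(user)
    if stored is None:
        return False
    return _same(wire_value, stored)


CHECK = {"cleartext": server_check_cleartext, "prehashed": server_check_prehashed}


def client_wire_value(user: str, password: str, scheme: str) -> str:
    """What an honest client puts on the wire under each scheme.  For the
    prehashed scheme the client needs the salt; assume the server handed it out."""
    if scheme == "cleartext":
        return password
    return crypt_like(password, salt_of(SHADOW[user]))


def honest_login(user: str, password: str, scheme: str) -> bool:
    return CHECK[scheme](user, client_wire_value(user, password, scheme))


def attacker_with_shadow_copy(user: str, scheme: str) -> bool:
    """Someone who read /etc/passwd (or a readable shadow file) but never
    learned the password: they send the stored hash string itself."""
    leaked = SHADOW[user]
    return CHECK[scheme](user, leaked)


def sniffer_replay(user: str, password: str, scheme: str) -> bool:
    """Someone who captured one login on the network and replays what they saw."""
    captured = client_wire_value(user, password, scheme)
    return CHECK[scheme](user, captured)
```

With the server-side crypt(), a copy of the hash file is only useful after cracking it; with the client-side crypt(), the hash file is the password file. Note also that pre-hashing does nothing about sniffing: whatever the client sends is replayable under either scheme, which is why the mail points at ssh rather than at a different password encoding.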