Secure connection using credentials from C# Form textbox

Mar 22, 2013 at 12:38 AM
Edited Mar 22, 2013 at 3:13 AM
Hi,
first this ssh project is great, nice to have someone working on it since the Tamir sharp ssh that was kind of left over there...and I think you are making a great job. :)
I am creating an app that connect using sshClient, and I am having the user to enter their credentials in a Windows Form using textbox.

So I have 2 questions :

1- I imagine that when the user click on connect and it is using the password from the textbox, is the password sent in clear text?

2- what would be the best way to make that communication secure?

Not an expert in encryption, but if you could give me some example... Just want to make sure it will be secure as much as it can.

Here is what my code looks like, not using any encryption on it.
ssh_host = textbox1.text
ssh_port = 22
ssh_user = textbox2.text
ssh_pass = textbox3.text


 try
            {
                SshClient ssh = new SshClient(ssh_host, port, ssh_user, ssh_pass);
                ssh.Connect();

                using (var shellStream = ssh.CreateShellStream("dumb", 0, 0, 0, 0, 4096))
                {
                    sshresponse = shellStream.Expect(ssh_prompt);
                    // Here do some other ssh works ///
                 }
              }

catch(Exception ex) 
{

}
Coordinator
Mar 23, 2013 at 12:10 PM
Hi,

Sorry for late reply.
Well, not really since first step of connection is to establish encryption and then authenticate the the user so passwords never sent in a clear text.
If you want avoid keeping password in memory after connection what you can do is to use constructor which accepts byte[] for password.
Then what you can do is one connection is established you can either delete this array or simply nullify it.

Hope it helps.

Thanks,
Oleg