Comment Re:Anyone can intercept SSH some of the time (Score 1) 278
It seems you are right about the password authentication. Somehow I thought SSH would do something more clever where the password is not sent over the network, but this does not seem to be the case. In this case public key would still be safer (two factors), but SSH would not leak your password during a MITM attack.