On 1/5/2010 7:31 AM, Kai Schaetzl wrote: > For what do you need the hash? You don't supply the hash for logging in. > In the case of SSH login, you are correct that the hash is not used to login. But the attacker may find a way to read the hash out of the /etc/shadow file, or the same password is used in other places and also stored with a md5 hash. A lot of things would have to go wrong for a remote attacker to get access to /etc/shadow - but it's been known to happen. (Personally, I always move the SSH port to something other then 22 and we only allow authentication via public keys over the external port.)