[oxapentane]

Quick google led me to RFC4252[0], section 8 of which (as far as I understood) describes ssh auth sending password as UTF8 plaintext string (and the whole packet is encrypted at transport layer). While passwords in /etc/shadow are hashed, if someone got access to your server he can just put malicious listener that will catch this UTF8 string.

I'm not a SSH guru, so if I'm mistaken please shout at me ;D

[0] https://datatracker.ietf.org/doc/html/rfc4252#section-8

[throw0101a]

Anything that is not PAKE (which SSH is not) generally sends the password to the server:

* https://en.wikipedia.org/wiki/Password-authenticated_key_agr...

* https://blog.cryptographyengineering.com/2018/10/19/lets-tal...

   A Password-Authenticated Key Exchange (PAKE) attempts to address this
   issue by constructing a cryptographic key exchange that does not
   result in the password, or password-derived data, being transmitted
   across an unsecured channel.

* https://datatracker.ietf.org/doc/html/rfc8125

I'm sure there are other zero-knowledge protocols besides PAKE-like ones, but I'm not an expert here.