Date: Tue, 19 Mar 2002 13:50:10 -0600
From: "Laurence Berland" <laurence@isp.northwestern.edu>
To: "Chris Johnson" <cjohnson@palomine.net>, <security@FreeBSD.ORG>
Subject: RE: Safe SSH logins from public, untrusted Windows computers
Message-ID: <NEBBKMNPDLIOHPHKLNIBOECHDAAA.laurence@isp.northwestern.edu>
In-Reply-To: <20020319144538.A42969@palomine.net>

> This isn't exactly FreeBSD-security-related, but it's certainly
> security-related, and I think it's likely to be of interest to many of the
> list members.
>
> I spend a lot of time in hotels, and most of them have Internet centers with
> Windows computers for the use of hotel guests. It's easy enough to download a
> copy of PuTTY and hide it in the Windows directory so that I can make SSH
> logins to my various remote servers.
>
> I worry, however, about trojans and keyboard sniffers and what-have-you
> monitoring my keystrokes, so I don't feel particularly safe doing this. So I
> thought I might stick a DSA key, encrypted with a passphrase used only for that
> particular key, on a floppy disk, and use that to log in. Without the floppy
> disk, the passphrase, if sniffed or recorded, would be useless.
>
> Question: if I plan on doing any work as root, would I be better off setting
> PermitRootLogin to without-password and logging in directly as root, instead of
> following the common practice of logging in as a regular user and then su-ing?
> su-ing would require that I type the password, and that's what I'm trying to
> avoid.

sudo would avoid the password without leaving you open to people trying to hack
in as a known username (root).

My real suggestion would be skey. It's designed for precisely this sort of
situation I think. No disks, no trust mechanisms, just a simple password that
you write down on a card. The password is useless after use, so no problems
there...

> Does anyone have any comments, or does anyone have a better idea?
>
> Thanks.
>
> Chris Johnson
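
The reply recommends S/Key because a password that has been used once is worthless to anyone who recorded it. The following is an added example, not part of the original message, of the hash-chain idea behind such one-time passwords; SHA-256, the names `step`, `chain` and `OTPServer`, and the sample values are assumptions for illustration and do not reproduce S/Key's actual hash or word encoding.

```python
import hashlib
import hmac


def step(value: bytes) -> bytes:
    """One link of the chain (SHA-256 here; an assumption, not S/Key's hash)."""
    return hashlib.sha256(value).digest()


def chain(passphrase: bytes, seed: bytes, n: int) -> bytes:
    """Apply step() n times to seed + passphrase; this is one-time password n."""
    value = seed + passphrase
    for _ in range(n):
        value = step(value)
    return value


class OTPServer:
    """Stores only the last accepted password and its sequence number."""

    def __init__(self, stored: bytes, count: int):
        self.stored = stored
        self.count = count

    def challenge(self) -> int:
        # Sequence number the user must answer with next.
        return self.count - 1

    def verify(self, otp: bytes) -> bool:
        if self.count <= 1:
            return False  # chain used up; it must be re-initialised
        if not hmac.compare_digest(step(otp), self.stored):
            return False
        # Accept, then move down the chain so this value never works again.
        self.stored, self.count = otp, self.count - 1
        return True


if __name__ == "__main__":
    secret, seed = b"constructed passphrase", b"ex12345"  # constructed values
    server = OTPServer(chain(secret, seed, 5), 5)
    sniffed = chain(secret, seed, server.challenge())
    print("first login:", server.verify(sniffed))
    print("replay of sniffed value:", server.verify(sniffed))
    print("next login:", server.verify(chain(secret, seed, server.challenge())))
```

A keystroke logger on the public machine captures password n, but the next login needs password n-1, which can only be derived by inverting the hash.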