From owner-freebsd-security  Tue Mar 19 12:10:26 2002
Delivered-To: freebsd-security@freebsd.org
Received: from pittgoth.com (14.zlnp1.xdsl.nauticom.net [209.195.149.111])
	by hub.freebsd.org (Postfix) with ESMTP id 4BF3637B42A
	for <security@FreeBSD.ORG>; Tue, 19 Mar 2002 12:09:48 -0800 (PST)
Received: from pittgoth.com (lcl234.zbzoom.net [208.236.36.234])
	by pittgoth.com (8.11.6/8.11.6) with ESMTP id g2JKBwq31511;
	Tue, 19 Mar 2002 15:11:59 -0500 (EST)
	(envelope-from darklogik@pittgoth.com)
Message-ID: <3C979D68.5060609@pittgoth.com>
Date: Tue, 19 Mar 2002 15:19:52 -0500
From: Tom Rhodes <darklogik@pittgoth.com>
Reply-To: darklogik@pittgoth.com
User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:0.9.7) Gecko/20011221
X-Accept-Language: en-us
MIME-Version: 1.0
To: Alfred Perlstein <bright@mu.org>
Cc: Chris Johnson <cjohnson@palomine.net>, security@FreeBSD.ORG
Subject: Re: Safe SSH logins from public, untrusted Windows computers
References: <20020319144538.A42969@palomine.net> <20020319195119.GI455@elvis.mu.org>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Alfred Perlstein wrote:

> * Chris Johnson <cjohnson@palomine.net> [020319 11:45] wrote:
> [snip]
> 
>>Does anyone have any comments, or does anyone have a better idea?
>>
> 
> Once you load the key onto the machine and type your passphrase in you've
> done as good as just typing your password into it.
> 
> Don't use untrusted machines or get something like secure-ID that
> does one-time passwords.  Even with one time passwords you never know
> if someone with control over the machine is sitting there waiting for
> you to grab a cup of coffee in order to take control of your session
> and do nasties. :(


don't drink coffee, or logout before getting the coffee, or just bring 
it to the system with you ;)


> 
> So I guess it boils down to:
>   "Don't use untrusted machines."
> 
> 

Thats a good idea though ;)

-- 
Tom (Darklogik) Rhodes
www.Pittgoth.com Gothic Liberation Front
www.FreeBSD.org  The Power To Serve


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message