From owner-freebsd-security  Thu Mar 21 20:10:40 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mailhost.gu.edu.au (kraken.itc.gu.edu.au [132.234.250.31])
	by hub.freebsd.org (Postfix) with ESMTP id 8D30237B400
	for <security@freebsd.org>; Thu, 21 Mar 2002 20:10:34 -0800 (PST)
Received: from kurango.cit.gu.edu.au (daemon@kurango.cit.gu.edu.au [132.234.86.1])
	by mailhost.gu.edu.au (8.10.1/8.10.1) with ESMTP id g2M4AMc09406
	for <security@freebsd.org>; Fri, 22 Mar 2002 14:10:22 +1000 (EST)
Received: from localhost (steve@localhost)
	by kurango.cit.gu.edu.au (8.12.2/8.12.2) with SMTP id g2M4AT5P006303
	for <security@freebsd.org>; Fri, 22 Mar 2002 14:10:29 +1000 (EST)
Date: Fri, 22 Mar 2002 14:10:29 +1000 (EST)
From: Steven Goodwin <steve@cit.gu.edu.au>
To: security@freebsd.org
Subject: Re: Safe SSH logins from public, untrusted Windows computers
In-Reply-To: <3C97BDE4.8040301@nisser.com>
Message-ID: <Pine.GSO.3.96.1020322140057.29070G-100000@kurango.cit.gu.edu.au>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org



On Tue, 19 Mar 2002, Roelof Osinga wrote:

> Richard Ward wrote:
> > Chris Johnson,
> > ...
> > If I could shoot a really crazy idea your way: What about using the
> > "Character Map" program included with Windows to slowly "type" out your
> > password? Though that would probably be cached long before you overwrite the
> > Clipboard.
> 
> Since we're talking about wacky ideas, whatever happened to the one I'm
> about to state: "keypress timing". Well, maybe nobody ever thought of it,

Without wanting to prolong the wacky ideas thread too much further, how
about using the screen port (/usr/ports/misc/screen).  Logged on at a
secure terminal, you could start a screen session, su to root, then detach
(ctrl+a+d).  When you are on travels, simply log in (using a particular
method described on this thread) to your remote machine as the user that
owns the screen session, re-attach the session (screen -r) and
viola, root access without passwords.  Simple, but useless if the remote
machine has been rebooted while you were away.  Wacky.

Steve 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message