From owner-freebsd-questions@FreeBSD.ORG Fri Mar 18 15:12:55 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 03CE716A4CE for ; Fri, 18 Mar 2005 15:12:55 +0000 (GMT) Received: from nagual.st (cc20684-a.assen1.dr.home.nl [82.74.2.254]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3426E43D39 for ; Fri, 18 Mar 2005 15:12:54 +0000 (GMT) (envelope-from dick@nagual.st) Received: from localhost (localhost [127.0.0.1]) (uid 1000) by nagual.st with local; Fri, 18 Mar 2005 16:12:53 +0100 Date: Fri, 18 Mar 2005 16:12:53 +0100 To: freebsd-questions Message-ID: <20050318151253.GA36966@lothlorien.nagual.st> References: <20050318112317.GA35516@lothlorien.nagual.st> <99cae7ce10c8fc95279f82222e6018de@chrononomicon.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Disposition: inline In-Reply-To: <99cae7ce10c8fc95279f82222e6018de@chrononomicon.com> User-Agent: Mutt/1.4.2.1i From: Dick Hoogendijk Subject: Re: ssh security X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Mar 2005 15:12:55 -0000 On 18 Mar Bart Silverstrim wrote: > > On Mar 18, 2005, at 6:23 AM, Dick Hoogendijk wrote: > > >I log in from a remote windows computer on my school using PuTTY w/ > >ssh2. What I'd like to know is how *safe* is the login from this > >windows machine? > >I would like to be able to login to my home computer without being > >worried about some sneaky system operator at work (school) ;-) > > The SSH session, I believe, should be secure from sniffing (assuming > you're using protocol 2). > > If someone puts a keystroke logger on your windows machine, they will > get the password. > > If they put a hardware logger on your computer, they will get the data. > > If they are watching over your shoulder just as you misstype your > password as your username, you're probably in trouble. > > If someone is viewing your Windows desktop using remote monitoring > software (like a modified VNC), they'll see your session. > > If putty is trojaned, you're in trouble. > > If you're *really* paranoid about the connection, grab knoppix and use > it's ssh client to log in remotely. OK, thank you and all others who responded so quickly. This summary is very clear. I changed all passwords right when I came back home ;-) Assuming bad news has not yet happened.. Maybe I'm paranoid but I'll go for knoppix next time. It's the safest way to go as I understand now. -- dick -- http://nagual.st/ -- PGP/GnuPG key: F86289CE ++ Running FreeBSD 4.11 ++ FreeBSD 5.3 + Nai tiruvantel ar vayuvantel i Valar tielyanna nu vilja