Date:      Tue, 19 Mar 2002 11:51:19 -0800
From:      Alfred Perlstein <bright@mu.org>
To:        Chris Johnson <cjohnson@palomine.net>
Cc:        security@freebsd.org
Subject:   Re: Safe SSH logins from public, untrusted Windows computers
Message-ID:  <20020319195119.GI455@elvis.mu.org>
In-Reply-To: <20020319144538.A42969@palomine.net>
References:  <20020319144538.A42969@palomine.net>

* Chris Johnson <cjohnson@palomine.net> [020319 11:45] wrote:
> This isn't exactly FreeBSD-security-related, but it's certainly
> security-related, and I think it's likely to be of interest to many of the list
> members.
> 
> I spend a lot of time in hotels, and most of them have Internet centers with
> Windows computers for the use of hotel guests. It's easy enough to download a
> copy of PuTTY and hide it in the Windows directory so that I can make SSH
> logins to my various remote servers.
> 
> I worry, however, about trojans and keyboard sniffers and what-have-you
> monitoring my keystrokes, so I don't feel particularly safe doing this. So I
> thought I might stick a DSA key, encrypted with a passphrase used only for that
[snip]
> Does anyone have any comments, or does anyone have a better idea?

Once you load the key onto the machine and type your passphrase in, you've
done as good as just typing your password into it.

Don't use untrusted machines or get something like SecurID that
does one-time passwords.  Even with one-time passwords you never know
if someone with control over the machine is sitting there waiting for
you to grab a cup of coffee in order to take control of your session
and do nasties. :(

So I guess it boils down to:
  "Don't use untrusted machines."

-- 
-Alfred Perlstein [alfred@freebsd.org]
'Instead of asking why a piece of software is using "1970s technology,"
 start asking why software is ignoring 30 years of accumulated wisdom.'
Tax deductible donations for FreeBSD: http://www.freebsdfoundation.org/
