Date: Fri, 18 Jan 2002 09:39:28 +0200
From: Barry Irwin <bvi@itouchlabs.com>
To: Mike Dresser <mdresser_b@windsormachine.com>
Cc: Jim Flowers <jflowers@cantoncommerce.com>, Andrew Houghton <aah@acm.org>, freebsd-isp@FreeBSD.ORG
Subject: Re: How to secure telnet?
Message-ID: <20020118093928.Y32746@itouchlabs.com>
In-Reply-To: <Pine.LNX.4.33.0201171400410.22240-100000@router.windsormachine.com>; from mdresser_b@windsormachine.com on Thu, Jan 17, 2002 at 02:07:02PM -0500
References: <200201171849.g0HInAV01755@lily.ezo.net> <Pine.LNX.4.33.0201171400410.22240-100000@router.windsormachine.com>

On Thu 2002-01-17 (14:07), Mike Dresser wrote:
>
> One problem is if you're using telnet and then ssh, and type your
> passphrase or password in, if someone is sniffing the line at this point
> they now have access to the shell server using your account.
>
> Additionally, I haven't seen anyone touch on the fact the machine the user
> connects from may be compromised already, giving an attacker your
> passwords/passphrases/email to your loved ones from a keylogger or
> similar.

To go to the paranoid side...... SSK keys, although this requires the user
carrying a disk around, not all cyber cafes or net access consoles allow you
to stick disks in.

How about using S/Key? Can either use a Java OTP calculator, or get the user
a hardware token.

I think in the end you need to weigh up the risks between providing access,
and what your risk of being hacked is.

Barry