From owner-freebsd-isp Sat Jan 19 1:26:58 2002 Delivered-To: freebsd-isp@freebsd.org Received: from beastie.saturn-tech.com (beastie.saturn-tech.com [207.229.19.136]) by hub.freebsd.org (Postfix) with ESMTP id BEA6937B41A for ; Sat, 19 Jan 2002 01:26:50 -0800 (PST) Received: from localhost (drussell@localhost) by calvin.saturn-tech.com (8.8.8/8.8.8) with SMTP id AAA28507; Fri, 18 Jan 2002 00:43:55 -0700 (MST) (envelope-from drussell@saturn-tech.com) Date: Fri, 18 Jan 2002 00:43:55 -0700 (MST) From: Doug Russell To: Barry Irwin Cc: freebsd-isp@FreeBSD.ORG Subject: Re: How to secure telnet? In-Reply-To: <20020118093928.Y32746@itouchlabs.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, 18 Jan 2002, Barry Irwin wrote: > On Thu 2002-01-17 (14:07), Mike Dresser wrote: > > > > One problem is if you're using telnet and then ssh, and type your > > passphrase or password in, if someone is sniffing the line at this point > > they now have access to the shell server using your account. > > > > Additionally, I haven't seen anyone touch on the fact the machine the user > > connects from may be compromised already, giving an attacker your > > passwords/passphrases/email to your loved ones from a keylogger or > > similar. > > To go to the paranoid side...... > SSK keys, although this requires the user carrying a disk arround, not all > cyber cafes or net access consoles allow you to stick disks in. One-time passwords are handy for some of these purposes. You may have to carry around a list of passwords, but at least someone can't use them again. Later...... < To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message