Date: Fri, 18 Jan 2002 00:43:55 -0700 (MST) From: Doug Russell <drussell@saturn-tech.com> To: Barry Irwin <bvi@itouchlabs.com> Cc: freebsd-isp@FreeBSD.ORG Subject: Re: How to secure telnet? Message-ID: <Pine.BSF.3.96.1020118004212.19929I-100000@calvin.saturn-tech.com> In-Reply-To: <20020118093928.Y32746@itouchlabs.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 18 Jan 2002, Barry Irwin wrote: > On Thu 2002-01-17 (14:07), Mike Dresser wrote: > > > > One problem is if you're using telnet and then ssh, and type your > > passphrase or password in, if someone is sniffing the line at this point > > they now have access to the shell server using your account. > > > > Additionally, I haven't seen anyone touch on the fact the machine the user > > connects from may be compromised already, giving an attacker your > > passwords/passphrases/email to your loved ones from a keylogger or > > similar. > > To go to the paranoid side...... > SSK keys, although this requires the user carrying a disk arround, not all > cyber cafes or net access consoles allow you to stick disks in. One-time passwords are handy for some of these purposes. You may have to carry around a list of passwords, but at least someone can't use them again. Later...... <Doug>< To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.1020118004212.19929I-100000>