From owner-freebsd-questions@FreeBSD.ORG  Wed Mar  2 08:13:21 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 214FA16A4CE
	for <freebsd-questions@freebsd.org>;
	Wed,  2 Mar 2005 08:13:21 +0000 (GMT)
Received: from royk.itea.ntnu.no (royk.itea.ntnu.no [129.241.190.230])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 8A6A043D41
	for <freebsd-questions@freebsd.org>;
	Wed,  2 Mar 2005 08:13:20 +0000 (GMT)
	(envelope-from janchris@stud.ntnu.no)
Received: from localhost (localhost [127.0.0.1])
	by royk.itea.ntnu.no (Postfix) with ESMTP id 0B83A66EA6;
	Wed,  2 Mar 2005 09:13:19 +0100 (CET)
Received: from panter.stud.ntnu.no (panter.stud.ntnu.no [129.241.56.186])
	by royk.itea.ntnu.no (Postfix) with ESMTP;
	Wed,  2 Mar 2005 09:13:18 +0100 (CET)
Received: by panter.stud.ntnu.no (Postfix, from userid 32277)
	id A4C6512D51; Wed,  2 Mar 2005 09:13:18 +0100 (MET)
Received: from localhost (localhost [127.0.0.1])
	by panter.stud.ntnu.no (Postfix) with ESMTP
	id 920A412D50; Wed,  2 Mar 2005 09:13:18 +0100 (MET)
Date: Wed, 2 Mar 2005 09:13:18 +0100 (MET)
From: Jan Christian Meyer <janchris@stud.ntnu.no>
To: Stevan Tiefert <stevan@rot-1.de>
In-Reply-To: <20050302085135.B23556@mail.rot-1.de>
Message-ID: <Pine.GSO.4.58.0503020900500.13458@panter.stud.ntnu.no>
References: <20050302075507.P23359@mail.rot-1.de>
	<20050302074659.GA22958@mccme.ru>
	<20050302085135.B23556@mail.rot-1.de>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Content-Scanned: with sophos and spamassassin at mailgw.ntnu.no.
cc: freebsd-questions@freebsd.org
Subject: Re: sshd
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Mar 2005 08:13:21 -0000

> [...] I can not close myself out with a firewall. I need the
> access to my system over the internet. Am I right that in this case, only
> a good password is protecting me?

If you have a way of transporting a private key file to wherever you need
to log in from (removable media, one last password login, whatever is
secure enough for your satisfaction), you can use public-key cryptography
and disable password based logins altogether.

Take a look at the man pages of ssh-agent, ssh-add, ssh-keygen, and
google around a bit - it is not too hard to set up.

Cheers,
 -Jan Christian