From owner-freebsd-questions@FreeBSD.ORG  Wed Apr 25 13:42:03 2007
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id B597516A401
	for <freebsd-questions@freebsd.org>;
	Wed, 25 Apr 2007 13:42:03 +0000 (UTC)
	(envelope-from xfb52@dial.pipex.com)
Received: from smtp-out3.blueyonder.co.uk (smtp-out3.blueyonder.co.uk
	[195.188.213.6])
	by mx1.freebsd.org (Postfix) with ESMTP id 7D1C613C4CC
	for <freebsd-questions@freebsd.org>;
	Wed, 25 Apr 2007 13:42:03 +0000 (UTC)
	(envelope-from xfb52@dial.pipex.com)
Received: from [172.23.170.145] (helo=anti-virus03-08)
	by smtp-out3.blueyonder.co.uk with smtp (Exim 4.52)
	id 1Hghku-0000Sf-7G; Wed, 25 Apr 2007 14:42:00 +0100
Received: from [62.31.10.181] (helo=[192.168.23.2])
	by asmtp-out2.blueyonder.co.uk with esmtp (Exim 4.52)
	id 1Hghkt-0007te-8s; Wed, 25 Apr 2007 14:41:59 +0100
Message-ID: <462F5AA6.1020906@dial.pipex.com>
Date: Wed, 25 Apr 2007 14:41:58 +0100
From: Alex Zbyslaw <xfb52@dial.pipex.com>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-GB; rv:1.7.13) Gecko/20061205
X-Accept-Language: en
MIME-Version: 1.0
To: Bill Moran <wmoran@potentialtech.com>
References: <20070415200255.18e6ab3f.wmoran@potentialtech.com>	<20070416184315.GA93730@idoru.cepheid.org>	<462E7F2A.10202@vindaloo.com>
	<20070425084454.165dd9d3.wmoran@potentialtech.com>
In-Reply-To: <20070425084454.165dd9d3.wmoran@potentialtech.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: User Questions <freebsd-questions@freebsd.org>
Subject: Re: Defending against SSH attacks with pf
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Apr 2007 13:42:03 -0000

Bill Moran wrote:

>I'm a big fan of PKI, but PKI suffers from one major problem, and it's
>the same flaw that physical keys suffer from: you have to have the key
>with you.
>  
>
If I had to use SSH from random locations, I'd get a USB stick that 
attached to a (physical) keyring and just stick it with my (physical) 
keys since I already have to carry those everywhere.  The SSH keys 
should be protected by decent passphrases so even losing the USB stick 
isn't the biggest deal.  Imation seem to make one that has one of those 
climbing-style buckles:  
http://www.misco.co.uk/applications/SearchTools/item-details.asp?EdpNo=247840&CatId=322

Probably you could fit the install file for PuTTY on there too, in case 
you had to use from a primitive windows environment.

--Alex