From owner-freebsd-security Tue Mar 19 12: 5:13 2002 Delivered-To: freebsd-security@freebsd.org Received: from smtp1.sentex.ca (smtp1.sentex.ca [199.212.134.4]) by hub.freebsd.org (Postfix) with ESMTP id 76A9D37B422 for ; Tue, 19 Mar 2002 12:05:02 -0800 (PST) Received: from simoeon.sentex.net (pyroxene.sentex.ca [199.212.134.18]) by smtp1.sentex.ca (8.11.6/8.11.6) with ESMTP id g2JK4pj49431; Tue, 19 Mar 2002 15:04:51 -0500 (EST) (envelope-from mike@sentex.net) Message-Id: <5.1.0.14.0.20020319144819.022aba50@marble.sentex.ca> X-Sender: mdtpop@marble.sentex.ca X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Tue, 19 Mar 2002 14:58:45 -0500 To: Alfred Perlstein From: Mike Tancsa Subject: Re: Safe SSH logins from public, untrusted Windows computers Cc: security@FreeBSD.ORG In-Reply-To: <20020319195119.GI455@elvis.mu.org> References: <20020319144538.A42969@palomine.net> <20020319144538.A42969@palomine.net> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org At 11:51 AM 3/19/02 -0800, Alfred Perlstein wrote: >Once you load the key onto the machine and type your passphrase in you've >done as good as just typing your password into it. > >Don't use untrusted machines or get something like secure-ID that >does one-time passwords. Are there such products that work with FreeBSD ? (e.g. some keychain token generator) CryptoCard and the RSALabs one only seem to work with LINUX/Windows. > Even with one time passwords you never know >if someone with control over the machine is sitting there waiting for >you to grab a cup of coffee in order to take control of your session >and do nasties. :( > >So I guess it boils down to: > "Don't use untrusted machines." Ideally yes. But how can one best limit that risk. ---Mike To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message