From owner-freebsd-security  Tue Mar 19 12:14:41 2002
Delivered-To: freebsd-security@freebsd.org
Received: from imation.homenetweb.com (noc-p5-3-ky-4.homenetweb.com [216.7.67.90])
	by hub.freebsd.org (Postfix) with ESMTP id F317937B4A8
	for <security@FreeBSD.ORG>; Tue, 19 Mar 2002 12:13:36 -0800 (PST)
Received: from noc2 (d2i-dialin-67.kl.terranova.net [216.89.230.67])
	by imation.homenetweb.com (8.12.2/8.12.2) with SMTP id g2JKCuhA048103;
	Tue, 19 Mar 2002 15:13:11 -0500 (EST)
Message-ID: <001401c1cf81$b12976e0$0101a8c0@noc2>
From: "Richard Ward" <mh@homenetweb.com>
To: "Chris Johnson" <cjohnson@palomine.net>, <security@FreeBSD.ORG>
References: <20020319144538.A42969@palomine.net>
Subject: Re: Safe SSH logins from public, untrusted Windows computers
Date: Tue, 19 Mar 2002 15:07:02 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2615.200
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Chris Johnson,
What about using a ICMP or UDP client/server that will authenticate a root
login from a "bad" public machine without having to execute a password via
your keyboard? Just a crude idea. I'm very skeptical about logging in as
root from any machine I don't feel 100% safe about. Although using one-time
passwords would be a better solution, it doesn't seem like a feasible answer
to me.

If I could shoot a really crazy idea your way: What about using the
"Character Map" program included with Windows to slowly "type" out your
password? Though that would probably be cached long before you overwrite the
Clipboard.

Good luck.

--
Richard Ward, GM
Home Net Web, Inc.


----- Original Message -----
From: Chris Johnson <cjohnson@palomine.net>
To: <security@FreeBSD.ORG>
Sent: Tuesday, March 19, 2002 2:45 PM
Subject: Safe SSH logins from public, untrusted Windows computers




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message