From owner-freebsd-security Tue Mar 19 19: 5:26 2002 Delivered-To: freebsd-security@freebsd.org Received: from C-Tower.Area51.DK (c-tower.area51.dk [212.242.89.130]) by hub.freebsd.org (Postfix) with SMTP id 867D437B404 for ; Tue, 19 Mar 2002 19:05:21 -0800 (PST) Received: (qmail 65359 invoked by uid 1007); 20 Mar 2002 03:05:18 -0000 Date: Wed, 20 Mar 2002 03:05:18 +0000 From: Alex Holst To: freebsd-security@freebsd.org Subject: Re: Safe SSH logins from public, untrusted Windows computers Message-ID: <20020320030518.GB53513@area51.dk> Mail-Followup-To: Alex Holst , freebsd-security@freebsd.org References: <20020319144538.A42969@palomine.net> <20020319131408.C324@ophiuchus.kazrak.com> <20020319152125.F43336@palomine.net> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline In-Reply-To: <20020319152125.F43336@palomine.net> User-Agent: Mutt/1.3.28i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Quoting Chris Johnson (cjohnson@palomine.net): > Thanks very much for this; it seems to be just the ticket. I didn't know > anything about S/Key, other than it's the thing I recently turned off in my > sshd_config file because sshd was prompting me for things to which I didn't > know the answer. Note that captured S/Key passphrases can be bruteforced like anything else, so make sure you pick a *strong* secret. Change your secret regularly (e.g. between travels) to avoid a captured S/Key phrase resulting in a lost secret. -- I prefer the dark of the night, after midnight and before four-thirty, when it's more bare, more hollow. http://a.area51.dk/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message