From owner-freebsd-security Thu Mar 21 20:21:10 2002 Delivered-To: freebsd-security@freebsd.org Received: from mailhost.gu.edu.au (kraken.itc.gu.edu.au [132.234.250.31]) by hub.freebsd.org (Postfix) with ESMTP id 544E937B417 for ; Thu, 21 Mar 2002 20:21:06 -0800 (PST) Received: from kurango.cit.gu.edu.au (daemon@kurango.cit.gu.edu.au [132.234.86.1]) by mailhost.gu.edu.au (8.10.1/8.10.1) with ESMTP id g2M4Ksc06855 for ; Fri, 22 Mar 2002 14:20:55 +1000 (EST) Received: from localhost (steve@localhost) by kurango.cit.gu.edu.au (8.12.2/8.12.2) with SMTP id g2M4L2WT006744 for ; Fri, 22 Mar 2002 14:21:02 +1000 (EST) Date: Fri, 22 Mar 2002 14:21:02 +1000 (EST) From: Steven Goodwin To: security@FreeBSD.ORG Subject: Re: Safe SSH logins from public, untrusted Windows computers In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > Without wanting to prolong the wacky ideas thread too much further, how > about using the screen port (/usr/ports/misc/screen). Logged on at a > secure terminal, you could start a screen session, su to root, then detach > (ctrl+a+d). When you are on travels, simply log in (using a particular > method described on this thread) to your remote machine as the user that > owns the screen session, re-attach the session (screen -r) and > viola, root access without passwords. Simple, but useless if the remote > machine has been rebooted while you were away. Wacky. > > Steve Oh yeah, you might also have an issue with leaving a root terminal available to those that comprimise your user account. Ouch. Steve To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message