From owner-freebsd-security  Thu Mar 21 22:49: 2 2002
Delivered-To: freebsd-security@freebsd.org
Received: from d188h80.mcb.uconn.edu (d188h80.mcb.uconn.edu [137.99.188.80])
	by hub.freebsd.org (Postfix) with SMTP id 89C3D37B404
	for <security@FreeBSD.ORG>; Thu, 21 Mar 2002 22:48:59 -0800 (PST)
Received: (qmail 21521 invoked by uid 1001); 22 Mar 2002 06:47:00 -0000
Date: Fri, 22 Mar 2002 01:47:00 -0500
From: "Peter C. Lai" <sirmoo@cowbert.2y.net>
To: Steven Goodwin <steve@cit.gu.edu.au>
Cc: security@FreeBSD.ORG
Subject: Re: Safe SSH logins from public, untrusted Windows computers
Message-ID: <20020322014700.A21504@cowbert.2y.net>
Reply-To: peter.lai@uconn.edu
References: <Pine.GSO.3.96.1020322140057.29070G-100000@kurango.cit.gu.edu.au> <Pine.GSO.3.96.1020322141921.29070I-100000@kurango.cit.gu.edu.au>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <Pine.GSO.3.96.1020322141921.29070I-100000@kurango.cit.gu.edu.au>; from steve@cit.gu.edu.au on Fri, Mar 22, 2002 at 02:21:02PM +1000
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Then use sudo which requires someone to know your user account's password.

On Fri, Mar 22, 2002 at 02:21:02PM +1000, Steven Goodwin wrote:
> > Without wanting to prolong the wacky ideas thread too much further, how
> > about using the screen port (/usr/ports/misc/screen).  Logged on at a
> > secure terminal, you could start a screen session, su to root, then detach
> > (ctrl+a+d).  When you are on travels, simply log in (using a particular
> > method described on this thread) to your remote machine as the user that
> > owns the screen session, re-attach the session (screen -r) and
> > viola, root access without passwords.  Simple, but useless if the remote
> > machine has been rebooted while you were away.  Wacky.
> > 
> > Steve 
> 
> Oh yeah, you might also have an issue with leaving a root terminal
> available to those that comprimise your user account.  Ouch.
> 
> Steve
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

-- 
Peter C. Lai
University of Connecticut
Dept. of Residential Life | Programmer
Dept. of Molecular and Cell Biology | Undergraduate Research Assistant
http://cowbert.2y.net/
860.427.4542 (Room)
860.486.1899 (Lab)
203.206.3784 (Cellphone)

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message