From owner-freebsd-questions@FreeBSD.ORG Wed Mar 2 08:13:21 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 214FA16A4CE for ; Wed, 2 Mar 2005 08:13:21 +0000 (GMT) Received: from royk.itea.ntnu.no (royk.itea.ntnu.no [129.241.190.230]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8A6A043D41 for ; Wed, 2 Mar 2005 08:13:20 +0000 (GMT) (envelope-from janchris@stud.ntnu.no) Received: from localhost (localhost [127.0.0.1]) by royk.itea.ntnu.no (Postfix) with ESMTP id 0B83A66EA6; Wed, 2 Mar 2005 09:13:19 +0100 (CET) Received: from panter.stud.ntnu.no (panter.stud.ntnu.no [129.241.56.186]) by royk.itea.ntnu.no (Postfix) with ESMTP; Wed, 2 Mar 2005 09:13:18 +0100 (CET) Received: by panter.stud.ntnu.no (Postfix, from userid 32277) id A4C6512D51; Wed, 2 Mar 2005 09:13:18 +0100 (MET) Received: from localhost (localhost [127.0.0.1]) by panter.stud.ntnu.no (Postfix) with ESMTP id 920A412D50; Wed, 2 Mar 2005 09:13:18 +0100 (MET) Date: Wed, 2 Mar 2005 09:13:18 +0100 (MET) From: Jan Christian Meyer To: Stevan Tiefert In-Reply-To: <20050302085135.B23556@mail.rot-1.de> Message-ID: References: <20050302075507.P23359@mail.rot-1.de> <20050302074659.GA22958@mccme.ru> <20050302085135.B23556@mail.rot-1.de> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Content-Scanned: with sophos and spamassassin at mailgw.ntnu.no. cc: freebsd-questions@freebsd.org Subject: Re: sshd X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Mar 2005 08:13:21 -0000 > [...] I can not close myself out with a firewall. I need the > access to my system over the internet. Am I right that in this case, only > a good password is protecting me? If you have a way of transporting a private key file to wherever you need to log in from (removable media, one last password login, whatever is secure enough for your satisfaction), you can use public-key cryptography and disable password based logins altogether. Take a look at the man pages of ssh-agent, ssh-add, ssh-keygen, and google around a bit - it is not too hard to set up. Cheers, -Jan Christian