From owner-freebsd-questions@FreeBSD.ORG Fri Mar 18 11:31:37 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 863DB16A4CE for ; Fri, 18 Mar 2005 11:31:37 +0000 (GMT) Received: from lorna.circlesquared.com (host217-45-219-85.in-addr.btopenworld.com [217.45.219.85]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1B24B43D5E for ; Fri, 18 Mar 2005 11:31:32 +0000 (GMT) (envelope-from peter@circlesquared.com) Received: from localhost.circlesquared.com (localhost.circlesquared.com [127.0.0.1])j2IBV8Ir025916; Fri, 18 Mar 2005 11:31:10 GMT (envelope-from peter@circlesquared.com) From: Peter Risdon To: Dick Hoogendijk In-Reply-To: <20050318112317.GA35516@lothlorien.nagual.st> References: <20050318112317.GA35516@lothlorien.nagual.st> Content-Type: text/plain Date: Fri, 18 Mar 2005 11:31:08 +0000 Message-Id: <1111145468.882.260.camel@lorna.circlesquared.com> Mime-Version: 1.0 X-Mailer: Evolution 2.0.3 FreeBSD GNOME Team Port Content-Transfer-Encoding: 7bit cc: freebsd-questions Subject: Re: ssh security X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Mar 2005 11:31:37 -0000 On Fri, 2005-03-18 at 12:23 +0100, Dick Hoogendijk wrote: > I log in from a remote windows computer on my school using PuTTY w/ > ssh2. What I'd like to know is how *safe* is the login from this windows > machine? I mean, can my login to my FreeBSD server at home be > *monitored* by someone while I'm using this windows machine at work? > Can the keystrokes that I use *in* PuTTY be seen by anybody on this > windows network at work. If so, what can I do about it to be more safe? PuTTY using ssh establishes an encrypted tunnel between the client and the server, and this makes you pretty secure from network sniffing on the school network or elsewhere. However, keystrokes are a different matter - a keystroke monitoring program on your windows PC will grab keystrokes regardless of the application you're using. Such programs are not unknown... An attempted 220 million pound robbery in London was just attempted using keystroke monitoring software to get account numbers and passwords from an otherwise secure system. So if your windows machine is compromised, everything you do on it will be compromised, period. That's your point of vulnerability, IMHO. Peter.