From owner-freebsd-questions@FreeBSD.ORG Fri Mar 18 12:40:00 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BDE3416A4CE for ; Fri, 18 Mar 2005 12:40:00 +0000 (GMT) Received: from trans-warp.net (hyperion.trans-warp.net [216.37.208.37]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1B35543D31 for ; Fri, 18 Mar 2005 12:40:00 +0000 (GMT) (envelope-from bsilver@chrononomicon.com) Received: from [127.0.0.1] (unverified [65.193.73.208]) by trans-warp.net (SurgeMail 2.2g3) with ESMTP id 298093 for multiple; Fri, 18 Mar 2005 07:37:40 -0500 In-Reply-To: <20050318112317.GA35516@lothlorien.nagual.st> References: <20050318112317.GA35516@lothlorien.nagual.st> Mime-Version: 1.0 (Apple Message framework v619.2) Content-Type: text/plain; charset=US-ASCII; format=flowed Message-Id: <99cae7ce10c8fc95279f82222e6018de@chrononomicon.com> Content-Transfer-Encoding: 7bit From: Bart Silverstrim Date: Fri, 18 Mar 2005 07:39:43 -0500 To: Dick Hoogendijk X-Mailer: Apple Mail (2.619.2) X-Server: High Performance Mail Server - http://surgemail.com X-Authenticated-User: bsilver@chrononomicon.com X-DNS-Paranoid: DNS ptr lookup of (65.193.73.208) failed cc: freebsd-questions Subject: Re: ssh security X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Mar 2005 12:40:00 -0000 On Mar 18, 2005, at 6:23 AM, Dick Hoogendijk wrote: > I log in from a remote windows computer on my school using PuTTY w/ > ssh2. What I'd like to know is how *safe* is the login from this > windows > machine? I mean, can my login to my FreeBSD server at home be > *monitored* by someone while I'm using this windows machine at work? > Can the keystrokes that I use *in* PuTTY be seen by anybody on this > windows network at work. If so, what can I do about it to be more safe? > > I would like to be able to login to my home computer without being > worried about some sneaky system operator at work (school) ;-) The SSH session, I believe, should be secure from sniffing (assuming you're using protocol 2). If someone puts a keystroke logger on your windows machine, they will get the password. If they put a hardware logger on your computer, they will get the data. If they are watching over your shoulder just as you misstype your password as your username, you're probably in trouble. If someone is viewing your Windows desktop using remote monitoring software (like a modified VNC), they'll see your session. If putty is trojaned, you're in trouble. If you're *really* paranoid about the connection, grab knoppix and use it's ssh client to log in remotely.