From: cpghost@cordula.ws
To: Bart Silverstrim
Cc: freebsd-questions
Date: Fri, 18 Mar 2005 14:22:15 +0100
Subject: Re: ssh security
Message-ID: <20050318132215.GA55169@fw.farid-hajji.net>
In-Reply-To: <99cae7ce10c8fc95279f82222e6018de@chrononomicon.com>

On Fri, Mar 18, 2005 at 07:39:43AM -0500, Bart Silverstrim wrote:
> If someone puts a keystroke logger on your windows machine, they will
> get the password.
>
> If they put a hardware logger on your computer, they will get the data.
>
> If they are watching over your shoulder just as you mistype your
> password as your username, you're probably in trouble.
>
> If someone is viewing your Windows desktop using remote monitoring
> software (like a modified VNC), they'll see your session.
>
> If putty is trojaned, you're in trouble.

You can also enable OPIE passwords.
Using opie(4) in combination with ssh should solve some (though not all)
of your problems w.r.t. sniffing and key logging. Of course, if you logged
into a machine using opie, and *then* typed some other (non one-time)
passwords from within that session, you'd still be at the mercy of a local
key logger or trojaned ssh client.

So you've got to know what you're doing and use common sense :)

Cheers,
-cpghost.

-- 
Cordula's Web. http://www.cordula.ws/
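
Why a one-time password captured by a sniffer or key logger cannot be reused for a later login, as an added example that is not part of the original message: a simplified S/Key-style hash chain of the kind OPIE is built on. SHA-256, the class and function names, the seed and the passphrase are assumptions for illustration; real OPIE (RFC 2289) uses MD4, MD5 or SHA-1 folded to 64 bits and encodes responses as six short words.

```python
import hashlib
import hmac

def h(data: bytes) -> bytes:
    # Assumption: SHA-256 stands in for the hash OPIE would use.
    return hashlib.sha256(data).digest()

def otp(passphrase: str, seed: str, n: int) -> bytes:
    """Client side: hash (seed + passphrase) n times to get password number n."""
    value = (seed + passphrase).encode()
    for _ in range(n):
        value = h(value)
    return value

class OtpServer:
    """Server side: keeps only the last accepted password, never the passphrase."""
    def __init__(self, passphrase: str, seed: str, count: int):
        self.seed = seed
        self.seq = count
        self.last = otp(passphrase, seed, count)

    def challenge(self):
        # The server asks for the password one step earlier in the chain.
        return self.seq - 1, self.seed

    def verify(self, response: bytes) -> bool:
        if self.seq <= 1:
            return False  # chain exhausted, the user must re-initialise
        # Hashing the response once must give the stored value.
        if hmac.compare_digest(h(response), self.last):
            self.last = response   # each password is accepted exactly once
            self.seq -= 1
            return True
        return False

def demo():
    secret = "constructed passphrase"             # constructed sample value
    server = OtpServer(secret, "fw12345", 100)    # constructed seed and count
    n, seed = server.challenge()
    captured = otp(secret, seed, n)       # what a key logger or sniffer would see
    first = server.verify(captured)       # legitimate login succeeds
    replay = server.verify(captured)      # attacker replays it: rejected
    n2, _ = server.challenge()
    nxt = server.verify(otp(secret, seed, n2))  # the user's next login still works
    return first, replay, nxt

if __name__ == "__main__":
    print(demo())
```

The chain protects only the login secret: the next password is a hash preimage of the captured one, but anything typed inside the session afterwards is still exposed to a local key logger or trojaned client, as the message says.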