From: Bart Silverstrim <bsilver@chrononomicon.com>
Date: Fri, 18 Mar 2005 10:21:55 -0500
To: Dick Hoogendijk <dick@nagual.st>
Cc: freebsd-questions <freebsd-questions@freebsd.org>
Subject: Re: ssh security

On Mar 18, 2005, at 10:12 AM, Dick Hoogendijk wrote:

> On 18 Mar Bart Silverstrim wrote:
>>
>> On Mar 18, 2005, at 6:23 AM, Dick Hoogendijk wrote:
>>
>>> I log in from a remote windows computer on my school using PuTTY w/
>>> ssh2. What I'd like to know is how *safe* is the login from this
>>> windows machine?
>>> I would like to be able to login to my home computer without being
>>> worried about some sneaky system operator at work (school) ;-)
>>
>> The SSH session, I believe, should be secure from sniffing (assuming
>> you're using protocol 2).
>>
>> If someone puts a keystroke logger on your windows machine, they will
>> get the password.
>>
>> If they put a hardware logger on your computer, they will get the
>> data.
>>
>> If they are watching over your shoulder just as you mistype your
>> password as your username, you're probably in trouble.
>>
>> If someone is viewing your Windows desktop using remote monitoring
>> software (like a modified VNC), they'll see your session.
>>
>> If putty is trojaned, you're in trouble.
>>
>> If you're *really* paranoid about the connection, grab knoppix and use
>> its ssh client to log in remotely.
>
> OK, thank you and all others who responded so quickly. This summary is
> very clear. I changed all passwords right when I came back home ;-)
> Assuming bad news has not yet happened..
>
> Maybe I'm paranoid but I'll go for knoppix next time. It's the safest
> way to go as I understand now.

Don't forget to trace the cable leading from the keyboard to the back of
the computer for a hardware logger :-)

And yes, the "best" way to go for the truly paranoid UNIX-lover is to
use a liveboot CD, as it will bypass any spyware, loggers, and monitors
that are software based on the Windows system. The MD5sum of the
liveboot CD should also be checked in this case. There are several out
there available but knoppix seems to be the most popular liveboot
utility disk around and seems to yield the most success in working on a
myriad of hardware.

-Bart
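
The MD5 check mentioned in the reply above, as an added example that is not part of the original message: a POSIX shell script that compares a downloaded live-CD image with its entry in the published checksum file. The function names and the file names in the usage line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: verify a live-CD image against a published MD5 list
# before burning it. All names below are illustrative assumptions.

# Print the lowercase hex MD5 of a file with whichever tool is installed:
# md5sum (GNU/Linux) or md5 -q (FreeBSD, macOS).
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{ print tolower($1) }'
    elif command -v md5 >/dev/null 2>&1; then
        md5 -q "$1" | tr 'A-F' 'a-f'
    else
        echo "no md5 tool found" >&2; return 2
    fi
}

# Print the digest listed for file name $2 in checksum list $1. Lines look
# like "<32 hex digits>  name" or "<32 hex digits> *name" (binary marker).
expected_md5() {
    awk -v want="$2" '
        { name = $2; sub(/^\*/, "", name) }
        name == want && $1 ~ /^[0-9A-Fa-f]+$/ && length($1) == 32 {
            print tolower($1); exit
        }' "$1"
}

# Return status: 0 match, 1 mismatch, 2 could not check.
verify_image() {
    image=$1 sums=$2
    [ -r "$image" ] || { echo "cannot read $image" >&2; return 2; }
    [ -r "$sums" ] || { echo "cannot read $sums" >&2; return 2; }
    want=$(expected_md5 "$sums" "$(basename "$image")")
    [ -n "$want" ] || { echo "no entry for $image in $sums" >&2; return 2; }
    got=$(md5_of "$image") || return 2
    if [ "$got" = "$want" ]; then
        echo "OK: $image matches $sums"
    else
        echo "MISMATCH: $image expected $want got $got" >&2
        return 1
    fi
}

# Usage: sh verify_iso.sh <image.iso> <checksum-file>
if [ "$#" -eq 2 ]; then verify_image "$1" "$2"; fi
```

The comparison is only as trustworthy as the machine it runs on and the copy of the checksum file it reads, so both should come from somewhere other than the Windows system in question.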