From owner-freebsd-security@FreeBSD.ORG Wed Dec 10 14:54:40 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F2FCC16A4CE for ; Wed, 10 Dec 2003 14:54:39 -0800 (PST) Received: from mail.telsatgp.com.pl (pa79.pleszew.sdi.tpnet.pl [217.96.180.79]) by mx1.FreeBSD.org (Postfix) with SMTP id 5EA8243D49 for ; Wed, 10 Dec 2003 14:54:24 -0800 (PST) (envelope-from sgp@telsatgp.com.pl) Received: (qmail 43200 invoked from network); 10 Dec 2003 22:54:31 -0000 Received: from slawek.telsatgp.com.pl (HELO Slawek) (192.168.5.5) by pa79.pleszew.sdi.tpnet.pl with SMTP; 10 Dec 2003 22:54:31 -0000 Message-ID: <003401c3bf70$c4b90cd0$0505a8c0@Slawek> From: "Slawek" To: References: <6.0.0.22.2.20031210115335.04c2fc50@localhost> Date: Wed, 10 Dec 2003 23:55:55 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Subject: Re: s/key authentication for Apache on FreeBSD? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Dec 2003 22:54:40 -0000 Brett Glass wrote: > I'm constructing a Web server which may require restricted areas > of the site to be used from public places where a password might > be sniffed. The damage that could be done by taking snapshots of > the content from one session with a spy program is minimal. What > the owner of the server does NOT want, though, is to allow unauthorized > parties to gain unfettered access by stealing the password via > a key sniffer. Be warned that an attacker would probably be able to issue more commands after user thinks he has logged out (when user used compromised machine). Slawek