Date: Tue, 19 Mar 2002 11:51:19 -0800
From: Alfred Perlstein
To: Chris Johnson
Cc: security@freebsd.org
Subject: Re: Safe SSH logins from public, untrusted Windows computers

* Chris Johnson [020319 11:45] wrote:
> This isn't exactly FreeBSD-security-related, but it's certainly
> security-related, and I think it's likely to be of interest to many of the list
> members.
>
> I spend a lot of time in hotels, and most of them have Internet centers with
> Windows computers for the use of hotel guests. It's easy enough to download a
> copy of PuTTY and hide it in the Windows directory so that I can make SSH
> logins to my various remote servers.
>
> I worry, however, about trojans and keyboard sniffers and what-have-you
> monitoring my keystrokes, so I don't feel particularly safe doing this. So I
> thought I might stick a DSA key, encrypted with a passphrase used only for that
[snip]
> Does anyone have any comments, or does anyone have a better idea?

Once you load the key onto the machine and type your passphrase in
you've done as good as just typing your password into it.

Don't use untrusted machines or get something like secure-ID that
does one-time passwords.

Even with one time passwords you never know if someone with control
over the machine is sitting there waiting for you to grab a cup of
coffee in order to take control of your session and do nasties. :(

So I guess it boils down to: "Don't use untrusted machines."

--
-Alfred Perlstein [alfred@freebsd.org]
'Instead of asking why a piece of software is using "1970s technology,"
start asking why software is ignoring 30 years of accumulated wisdom.'
Tax deductible donations for FreeBSD: http://www.freebsdfoundation.org/