ssh security
cpghost at cordula.ws
cpghost at cordula.ws
Fri Mar 18 05:22:31 PST 2005
On Fri, Mar 18, 2005 at 07:39:43AM -0500, Bart Silverstrim wrote:
> If someone puts a keystroke logger on your windows machine, they will
> get the password.
>
> If they put a hardware logger on your computer, they will get the data.
>
> If they are watching over your shoulder just as you misstype your
> password as your username, you're probably in trouble.
>
> If someone is viewing your Windows desktop using remote monitoring
> software (like a modified VNC), they'll see your session.
>
> If putty is trojaned, you're in trouble.
You can also enable OPIE passwords. Using opie(4) in combination with
ssh should solve some (though not all) of your problems w.r.t. sniffing
and key logging.
Of course, if you logged into a machine using opie, and *then* typed
some other (non one-time) passwords from withing that session, you'd
be still at the mercy of a local key logger or trojaned ssh client.
So you've got know what you're doing and use common sense :)
Cheers,
-cpghost.
--
Cordula's Web. http://www.cordula.ws/
More information about the freebsd-questions
mailing list