
Re: Work-needing packages report for Aug 19, 2005

On Sat, Aug 20, 2005 at 03:55:56PM +0200, Henning Makholm wrote:
> Do we have other ways to provide its functionality? I sometimes need
> to log into my machine from net cafes, and even SSH1 is preferable to
> telnet. :-/

Sure, run your SSH server listening on port 443, and use PuTTY from
a trusted source (if running on Windows platforms). That's guaranteed
to work even if they have a fascist proxy in place (if you configure
PuTTY to use its proxy).

The only caveat is if you don't trust the system you are running on:

a) a sniffer would capture your passwords. You can use public key
authentication, but then again a trojan could copy off the key and
capture your password anyway. You might want to look into one-time
password authentication.

b) a trojan could potentially use your SSH tunnel (once established)
and inject commands in it. This can be done by replacing your PuTTY
binary either in place (on the disk) or in memory.

I would seriously advise against running SSH sessions on possibly
compromised systems, even when preventing a), since b) is always
possible. I have not seen such attacks/trojans widely just yet, however.


