Jacob S wrote: > On Sat, 30 Apr 2005 16:29:50 -0700 > Bill Moseley <moseley@hank.org> wrote: > >>Scares the crap out of me using someone's Windows machine to connect >>with putty. I fear spyware key loggers. I assume they exist. I >>used to carry a small bootable linux distribution, but I can't always >>convince people to let me boot off it. >> >>I guess you cannot trust any machine you use that isn't your own. > > > Yep. I've thought about the same thing and the only real solution I can > come up with is to always carry a laptop/pda around with me if I want to > be able to ssh/read passwords from my usb key or anything else. You can probably generate a set of public keys and then add them all to your ~/.ssh/authorized_keys. You can then set up a script that runs as soon as you log in that will find out which key you used to log in with (not sure exactly the details, but I'm sure there is a way). The script can then remove that key from the ~/.ssh/authorized_keys file. That way you basically have a set of one time keys. As long as you don't ssh from there to anywhere else where you need to enter a password (public keys and ssh-agent are your friends), then are OK for most things. -Roberto -- Roberto C. Sanchez http://familiasanchez.net/~sanchezr
Attachment:
signature.asc
Description: OpenPGP digital signature