[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SSH Blocking (and then IMAP passwords)

Jacob S wrote:
> On Sat, 30 Apr 2005 16:29:50 -0700
> Bill Moseley <moseley@hank.org> wrote:
>>Scares the crap out of me using someone's Windows machine to connect
>>with putty.  I fear spyware key loggers.  I assume they exist.  I
>>used to carry a small bootable linux distribution, but I can't always
>>convince people to let me boot off it.
>>I guess you cannot trust any machine you use that isn't your own.
> Yep. I've thought about the same thing and the only real solution I can
> come up with is to always carry a laptop/pda around with me if I want to
> be able to ssh/read passwords from my usb key or anything else.

You can probably generate a set of public keys and then add them all to
your ~/.ssh/authorized_keys.  You can then set up a script that runs as
soon as you log in that will find out which key you used to log in with
(not sure exactly the details, but I'm sure there is a way).  The script
can then remove that key from the ~/.ssh/authorized_keys file.  That way
you basically have a set of one time keys.  As long as you don't ssh
from there to anywhere else where you need to enter a password (public
keys and ssh-agent are your friends), then are OK for most things.


Roberto C. Sanchez

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: