Re: OT: Safe to access SSH server from work?
On Fri, May 6, 2011 at 12:02, Tom Furie <tom@furie.org.uk> wrote:
> No, the attacker needs to HAVE your private key and KNOW the pass phrase
> for that key. Assuming you keep your key secure and have a decent pass
> phrase his life should be very difficult indeed.
>
Yes, but using that key on a computer that he does not trust is NOT
"keeping the key secure".
To answer the OP, there is no straightforward way to connect to your
machine from a computer that you don't trust and still be safe. You
can try port-knocking which will slow down an attacker until he
figures out that is what you are doing from the compromised machine.
You might also have better luck with one-time passwords or one-time
keys.
Or, if it is possible, set up a web interface to whatever you want to
control on your home computer and do it in a browser. That will limit
the expose of the machine to whatever services you are controlling
from the browser.
--
Dotan Cohen
http://gibberish.co.il
http://what-is-what.com
Reply to: