1 May 2005 01:29
Re: SSH Blocking (and then IMAP passwords)
Bill Moseley <moseley <at> hank.org>
2005-04-30 23:29:50 GMT
2005-04-30 23:29:50 GMT
On Mon, Apr 25, 2005 at 02:26:04PM -0700, Beretta wrote: > The windows ssh client PuTTY.exe will easily fit on a floppy disk (368KB) and > the private key half of a private/public key pair should consume around 2KB (for > a total of 370KB) Of course, I personally prefer to keep my stuff on a USB > thumbdrive as they seem to be much more reliable than floppies. Scares the crap out of me using someone's Windows machine to connect with putty. I fear spyware key loggers. I assume they exist. I used to carry a small bootable linux distribution, but I can't always convince people to let me boot off it. I guess you cannot trust any machine you use that isn't your own. Single use passwords are a good idea, but seems like a pain to use. When working from a remote machine I often connect multiple times during the same session (yes, I also use screen). One hole I worry about is web mail. I setup webmail (over SSL) for my wife to use, and disabled her account so no ssh logins. Again, it's that fear of someone snooping. But, I get lazy and use the webmail access once in a while, and although it's over an SSL connection I'm typing my password in on an untrusted machine. I use exim4 to deliver to procmail which then delivers to Maildir directories. I use IMAP to access the mail with the "authpam" authentication module. I need to setup Courier IMAP to use a different set of passwords -- but still have read/write access to each user's $HOME/Maildir.(Continue reading)
RSS Feed